BACKPORT: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
commit 967c05aee439e6e5d7d805e195b3a20ef5c433d6 upstream. If mtu probing is enabled tcp_mtu_probing() could very well end up with a too small MSS. Use the new sysctl tcp_min_snd_mss to make sure MSS search is performed in an acceptable range. CVE-2019-11479 -- tcp mss hardcoded to 48 Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Jonathan Lemon <jonathan.lemon@gmail.com> Cc: Jonathan Looney <jtl@netflix.com> Acked-by: Neal Cardwell <ncardwell@google.com> Cc: Yuchung Cheng <ycheng@google.com> Cc: Tyler Hicks <tyhicks@canonical.com> Cc: Bruce Curtis <brucec@netflix.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [BACKPORT to 3.10: use previous sysctrl method] Signed-off-by: syphyr@gmail.com
This commit is contained in:
Eric Dumazet
syphyr
parent
aa4e78abe5
commit
a9490a27e6
|
|
@ -149,6 +149,7 @@ static void tcp_mtu_probing(struct inet_connection_sock *icsk, struct sock *sk)
|
|||
mss = tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low) >> 1;
|
||||
mss = min(sysctl_tcp_base_mss, mss);
|
||||
mss = max(mss, 68 - tp->tcp_header_len);
|
||||
mss = max(mss, sysctl_tcp_min_snd_mss);
|
||||
icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss);
|
||||
tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue