Commit 42962538 authored Aug 15, 2018 by Takashi Iwai Committed by Greg Kroah-Hartman Aug 17, 2018

tcp: Fix missing range_truesize enlargement in the backport



The 4.4.y stable backport dc6ae4df for the upstream commit
3d4bf93ac120 ("tcp: detect malicious patterns in
tcp_collapse_ofo_queue()") missed a line that enlarges the
range_truesize value, which broke the whole check.

Fixes: dc6ae4df ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Cc: Michal Kubecek <mkubecek@suse.cz>

parent 438604aa

net/ipv4/tcp_input.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -4835,6 +4835,7 @@ static void tcp_collapse_ofo_queue(struct sock *sk)
		end = TCP_SKB_CB(skb)->end_seq;
		range_truesize = skb->truesize;
		} else {
		range_truesize += skb->truesize;
		if (before(TCP_SKB_CB(skb)->seq, start))
		start = TCP_SKB_CB(skb)->seq;
		if (after(TCP_SKB_CB(skb)->end_seq, end))