Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichal Kubecek <mkubecek@suse.cz>2019-06-17 22:04:53 +0200
committerMichal Kubecek <mkubecek@suse.cz>2019-06-17 22:04:55 +0200
commitbfa3a327a9c01b1c1f038ee573fdb099cdfb5288 (patch)
tree3739ff170a41a1f80b914f33d2d750e89404314e
parentecc15e52cd6c772db5d0e449869954cf32f358fc (diff)
tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()HEADmaster
(CVE-2019-11479 bsc#1137586). suse-commit: ab45ff3e3fdf55a448d6e8f163f968798b257a1d
-rw-r--r--net/ipv4/tcp_timer.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index 5bad937ce779..c801cd37cc2a 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -155,6 +155,7 @@ static void tcp_mtu_probing(struct inet_connection_sock *icsk, struct sock *sk)
mss = tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low) >> 1;
mss = min(net->ipv4.sysctl_tcp_base_mss, mss);
mss = max(mss, 68 - tcp_sk(sk)->tcp_header_len);
+ mss = max(mss, net->ipv4.sysctl_tcp_min_snd_mss);
icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss);
}
tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);