tcp: Fix missing range_truesize enlargement in the backport

BugLink: https://bugs.launchpad.net/bugs/1792310 The 4.4.y stable backport dc6ae4df for the upstream commit 3d4bf93a ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()") missed a line that enlarges the range_truesize value, which broke the whole check. Fixes: dc6ae4df ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()") Signed-off-by: Takashi Iwai <tiwai@suse.de> Cc: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

tcp: Fix missing range_truesize enlargement in the backport
BugLink: https://bugs.launchpad.net/bugs/1792310 The 4.4.y stable backport dc6ae4df for the upstream commit 3d4bf93a ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()") missed a line that enlarges the range_truesize value, which broke the whole check. Fixes: dc6ae4df ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()") Signed-off-by: Takashi Iwai <tiwai@suse.de> Cc: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
11554a2d · Takashi Iwai · Kleber Sacilotto de Souza · b0f51542 · 11554a2d
Commit 11554a2d authored Aug 15, 2018 by Takashi Iwai Committed by Kleber Sacilotto de Souza Oct 02, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

net/ipv4/tcp_input.c net/ipv4/tcp_input.c +2 -1

No files found.
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4830,8 +4830,9 @@ static void tcp_collapse_ofo_queue(struct sock *sk)
 			/* Start new segment */
 			start = TCP_SKB_CB(skb)->seq;
 			end = TCP_SKB_CB(skb)->end_seq;
-			range_truesize += skb->truesize;
+			range_truesize = skb->truesize;
 		} else {
+			range_truesize += skb->truesize;
 			if (before(TCP_SKB_CB(skb)->seq, start))
 				start = TCP_SKB_CB(skb)->seq;
 			if (after(TCP_SKB_CB(skb)->end_seq, end))