From 3ceb73adb28f0c88b870bfcd3f8f6119753c469a Mon Sep 17 00:00:00 2001 From: bluhm Date: Tue, 14 May 2024 09:39:02 +0000 Subject: [PATCH] Sanity check for TSO payload length in TCP chopper. Although it should not happen, check that ph_mss is not 0 in tcp_chopper(). This could catch errors in the LRO path of network drivers. Better count bad packet and drop it rather than ending in an endless loop. The new logic is analog to a recent change in the hardware TSO path in the drivers. OK jan@ --- sys/netinet/tcp_output.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index c695cb0d55d..4016bd81a55 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_output.c,v 1.144 2024/04/17 20:48:51 bluhm Exp $ */ +/* $OpenBSD: tcp_output.c,v 1.145 2024/05/14 09:39:02 bluhm Exp $ */ /* $NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $ */ /* @@ -1207,6 +1207,11 @@ tcp_chopper(struct mbuf *m0, struct mbuf_list *ml, struct ifnet *ifp, ml_init(ml); ml_enqueue(ml, m0); + if (mss == 0) { + error = EINVAL; + goto bad; + } + ip = mtod(m0, struct ip *); switch (ip->ip_v) { case 4: -- 2.20.1