www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Wei Wang <weiwan@google.com>
	Thu, 18 May 2017 18:22:33 +0000 (11:22 -0700)
committer	Kirtikar Kashyap <kirtikar.kashyap@oracle.com>
	Mon, 2 Oct 2017 19:42:23 +0000 (12:42 -0700)
commit	b236991af0118b72c32381521afbaeee36cd3ca4
tree	d6b78cffe7d8d3c80a69ab4d5fa14a232a852cd8	tree
parent	ce89aedb5cd287f37fb40ae0c510a14ab5eea5fe	commit \| diff

tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0

When tcp_disconnect() is called, inet_csk_delack_init() sets
icsk->icsk_ack.rcv_mss to 0.
This could potentially cause tcp_recvmsg() => tcp_cleanup_rbuf() =>
__tcp_select_window() call path to have division by 0 issue.
So this patch initializes rcv_mss to TCP_MIN_MSS instead of 0.

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Wei Wang <weiwan@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 499350a5a6e7512d9ed369ed63a4244b6536f4f8)

Orabug: 26796038
CVE: CVE-2017-14106

Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>
Reviewed-by: Jack Vogel <jack.vogel@oracle.com>