tcp: Fix missing range_truesize enlargement in the backport

The 4.4.y stable backport dc6ae4d for the upstream commit 3d4bf93 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()") missed a line that enlarges the range_truesize value, which broke the whole check. Fixes: dc6ae4d ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()") Signed-off-by: Takashi Iwai <[email protected]> Cc: Michal Kubecek <[email protected]>
khadas · Sep 26, 2018 · 22ceddd · 22ceddd
1 parent c6657b5
commit 22ceddd
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
@@ -4836,6 +4836,7 @@ static void tcp_collapse_ofo_queue(struct sock *sk)
 			end = TCP_SKB_CB(skb)->end_seq;
 			range_truesize = skb->truesize;
 		} else {
+			range_truesize += skb->truesize;
 			if (before(TCP_SKB_CB(skb)->seq, start))
 				start = TCP_SKB_CB(skb)->seq;
 			if (after(TCP_SKB_CB(skb)->end_seq, end))