Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TCP fuzz fixes #538

Merged
merged 8 commits into from
Oct 5, 2021
Merged

TCP fuzz fixes #538

merged 8 commits into from
Oct 5, 2021

Commits on Oct 4, 2021

  1. tcp: fix use of fractional .millis() that should be .total_millis() i… 

    …n rtte.
    @Dirbaio
    Dirbaio committed Oct 4, 2021
    Configuration menu
    Copy the full SHA
    7e118f0 View commit details
    Browse the repository at this point in the history

  2. tcp: disallow zero MSS. 

    This causes an infinite loop of zero-length packets: when we have data
to send, it sends MSS-length packets until filling the window, which
is an infinte amount of packets because mss is zero.

Found with cargo-fuzz.
    @Dirbaio
    Dirbaio committed Oct 4, 2021
    Configuration menu
    Copy the full SHA
    4369794 View commit details
    Browse the repository at this point in the history

  3. tcp: don't force-send data on retransmit. 

    Previous code had an `if` to force sending a packet when retransmitting.
When the remote window is zero this would cause an infinite loop of
sending empty packets, because the "retransmit" flag would never get cleared.

Remove the force-retransmit, and add an explicit check on `seq_to_transmit` for
pending SYNs because SYN retransmission relied on it.

Found with cargo-fuzz.
    @Dirbaio
    Dirbaio committed Oct 4, 2021
    Configuration menu
    Copy the full SHA
    675c0a1 View commit details
    Browse the repository at this point in the history

  4. tcp: in SYN_SENT only accept SYNACK, discard everything else. 

    THis would let FIN packets through, breaking the logic below.

Found with cargo-fuzz.
    @Dirbaio
    Dirbaio committed Oct 4, 2021
    Configuration menu
    Copy the full SHA
    5d31ae0 View commit details
    Browse the repository at this point in the history

  5. tcp: fix "subtract with overflow" when ack in syn-received is one too… 

    … low.

Found with cargo-fuzz.
    @Dirbaio
    Dirbaio committed Oct 4, 2021
    Configuration menu
    Copy the full SHA
    f95b0bf View commit details
    Browse the repository at this point in the history

  6. tcp: do not switch to ESTABLISHED when ack in syn-received is one too… 

    … low.
    @Dirbaio
    Dirbaio committed Oct 4, 2021
    Configuration menu
    Copy the full SHA
    1adca5b View commit details
    Browse the repository at this point in the history

  7. tcp: add test for ack one-too-high in SYN_RECEIVED.

    @Dirbaio
    Dirbaio committed Oct 4, 2021
    Configuration menu
    Copy the full SHA
    9c5f62e View commit details
    Browse the repository at this point in the history

  8. tcp: fix "attempt to negate with overflow" when initial seq is 0xFFFF… 

    …_FFFF.

Found with cargo-fuzz.
    @Dirbaio
    Dirbaio committed Oct 4, 2021
    Configuration menu
    Copy the full SHA
    78fb02a View commit details
    Browse the repository at this point in the history