tcp: Fix missing range_truesize enlargement in the backport

The 4.4.y stable backport dc6ae4dffd65 for the upstream commit 3d4bf93ac120 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()") missed a line that enlarges the range_truesize value, which broke the whole check. Fixes: dc6ae4dffd65 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()") Signed-off-by: Takashi Iwai <tiwai@suse.de> Cc: Michal Kubecek <mkubecek@suse.cz>
author: Takashi Iwai <tiwai@suse.de> 2018-08-15 11:58:46 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-08-17 20:56:44 +0200
commit: 42962538cd9fe281a6e8602f22c7b1e218ed812a (patch)
tree: 186643e553d2bfcb1dd8e581480bceb646f6316f
parent: 438604aa025a449e5c994ba4c824cc7267b8ccd2 (diff)
download: linux-42962538cd9fe281a6e8602f22c7b1e218ed812a.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 4a261e078082f0..9c4c6cd0316ee8 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4835,6 +4835,7 @@ static void tcp_collapse_ofo_queue(struct sock *sk)
 			end = TCP_SKB_CB(skb)->end_seq;
 			range_truesize = skb->truesize;
 		} else {
+			range_truesize += skb->truesize;
 			if (before(TCP_SKB_CB(skb)->seq, start))
 				start = TCP_SKB_CB(skb)->seq;
 			if (after(TCP_SKB_CB(skb)->end_seq, end))
author	Takashi Iwai <tiwai@suse.de>	2018-08-15 11:58:46 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-08-17 20:56:44 +0200
commit	42962538cd9fe281a6e8602f22c7b1e218ed812a (patch)
tree	186643e553d2bfcb1dd8e581480bceb646f6316f
parent	438604aa025a449e5c994ba4c824cc7267b8ccd2 (diff)
download	linux-42962538cd9fe281a6e8602f22c7b1e218ed812a.tar.gz