Validate ACK for TCP RST packets.

2016-12-26 13:10:39 +00:00 · 2016-12-26 13:10:39 +00:00 · 83f886826f
parent f468f47959
commit 83f886826f
1 changed files with 49 additions and 0 deletions
--- a/src/socket/tcp.rs
+++ b/src/socket/tcp.rs
@ -274,6 +274,23 @@ impl<'a> TcpSocket<'a> {
                return Err(Error::Malformed)
            }
            (State::Listen, TcpRepr { ack_number: None, .. }) => (),
+            // A reset received in response to initial SYN is acceptable if it acknowledges
+            // the initial SYN.
+            (State::SynSent, TcpRepr { control: TcpControl::Rst, ack_number: None, .. }) => {
+                net_trace!("tcp:{}:{}: unacceptable RST (expecting RST|ACK) \
+                            in response to initial SYN",
+                           self.local_endpoint, self.remote_endpoint);
+                return Err(Error::Malformed)
+            }
+            (State::SynSent, TcpRepr {
+                control: TcpControl::Rst, ack_number: Some(ack_number), ..
+            }) => {
+                if ack_number != self.local_seq_no {
+                    net_trace!("tcp:{}:{}: unacceptable RST|ACK in response to initial SYN",
+                               self.local_endpoint, self.remote_endpoint);
+                    return Err(Error::Malformed)
+                }
+            }
            // Every packet after the initial SYN must be an acknowledgement.
            (_, TcpRepr { ack_number: None, .. }) => {
                net_trace!("tcp:{}:{}: expecting an ACK",
@ -648,6 +665,38 @@ mod test {
        }, Err(Error::Malformed));
    }

+    #[test]
+    fn test_no_ack_syn_sent_rst() {
+        let mut s = socket();
+        s.state           = State::SynSent;
+        s.local_endpoint  = LOCAL_END;
+        s.remote_endpoint = REMOTE_END;
+        s.local_seq_no    = LOCAL_SEQ;
+
+        send!(s, TcpRepr {
+            control: TcpControl::Rst,
+            seq_number: REMOTE_SEQ,
+            ack_number: None,
+            ..SEND_TEMPL
+        }, Err(Error::Malformed));
+    }
+
+    #[test]
+    fn test_bad_ack_syn_sent_rst() {
+        let mut s = socket();
+        s.state           = State::SynSent;
+        s.local_endpoint  = LOCAL_END;
+        s.remote_endpoint = REMOTE_END;
+        s.local_seq_no    = LOCAL_SEQ;
+
+        send!(s, TcpRepr {
+            control: TcpControl::Rst,
+            seq_number: REMOTE_SEQ,
+            ack_number: Some(1234),
+            ..SEND_TEMPL
+        }, Err(Error::Malformed));
+    }
+
    #[test]
    fn test_bad_ack_established() {
        let mut s = socket();