CVE-2021-45098
commit
50e2b973eeec7172991bf8f544ab06fb782b97df
Author: Victor Julien <victor@inliniac.net>
Date: Tue Oct 5 14:48:27 2021 +0200
stream/tcp: handle RST with MD5 or AO header
Special handling for RST packets if they have an TCP MD5 or AO header option.
The options hash can't be validated. The end host might be able to validate
it, as it can have a key/password that was communicated out of band.
The sender could use this to move the TCP state to 'CLOSED', leading to
a desync of the TCP session.
This patch builds on top of
843d0b7a10bb ("stream: support RST getting lost/ignored")
It flags the receiver as having received an RST and moves the TCP state
into the CLOSED state. It then reverts this if the sender continues to
send traffic. In this case it sets the following event:
stream-event:suspected_rst_inject;
Bug: #4710.
Gbp-Pq: Name CVE-2021-45098.patch
projects / suricata.git / commit