[Feature][ZXW-65]merged P49 base code Change-Id: I3e09c0c3d47483bc645f02310380ecb7fc6f4041

commit: 758261d1c1850656b47c4c40486e4237bcd769a6 [log] [tgz]
author: lh <lh@exm.com> Thu Jul 13 05:52:04 2023 -0700
committer: lh <lh@exm.com> Thu Jul 13 05:52:04 2023 -0700
tree: 3bc26310c3b153ab3189a54780a041d5278a2432
parent: b0dd97e3f107d69ed0d9728748df12c7833884a7 [diff]
diff --git a/ap/os/linux/linux-3.4.x/net/ipv4/ip_sockglue.c b/ap/os/linux/linux-3.4.x/net/ipv4/ip_sockglue.c
index df9f330..ad439ed 100644
--- a/ap/os/linux/linux-3.4.x/net/ipv4/ip_sockglue.c
+++ b/ap/os/linux/linux-3.4.x/net/ipv4/ip_sockglue.c

@@ -254,6 +254,8 @@
 		return -EINVAL;
 
 	new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
+	if (on && !new_ra) //CVE-2019-12381(BDSA-2019-1652)
+		return -ENOMEM;
 
 	spin_lock_bh(&ip_ra_lock);
 	for (rap = &ip_ra_chain;

diff --git a/ap/os/linux/linux-3.4.x/net/ipv4/ping.c b/ap/os/linux/linux-3.4.x/net/ipv4/ping.c
index 9f471c3..5ff3ed1 100644
--- a/ap/os/linux/linux-3.4.x/net/ipv4/ping.c
+++ b/ap/os/linux/linux-3.4.x/net/ipv4/ping.c

@@ -665,11 +665,13 @@
 	if (msg->msg_name) {
 		struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name;
 
-		sin->sin_family = AF_INET;
-		sin->sin_port = 0 /* skb->h.uh->source */;
-		sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
-		memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
-		*addr_len = sizeof(*sin);
+		if (sin) { //CVE-2013-6432
+			sin->sin_family = AF_INET;
+			sin->sin_port = 0 /* skb->h.uh->source */;
+			sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
+			memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
+			*addr_len = sizeof(*sin);
+		}
 	}
 	if (isk->cmsg_flags)
 		ip_cmsg_recv(msg, skb);

diff --git a/ap/os/linux/linux-3.4.x/net/ipv4/tcp.c b/ap/os/linux/linux-3.4.x/net/ipv4/tcp.c
index a18ff4e..82bb0e7 100755
--- a/ap/os/linux/linux-3.4.x/net/ipv4/tcp.c
+++ b/ap/os/linux/linux-3.4.x/net/ipv4/tcp.c

@@ -2174,6 +2174,10 @@
 	tcp_set_ca_state(sk, TCP_CA_Open);
 	tcp_clear_retrans(tp);
 	inet_csk_delack_init(sk);
+	/* Initialize rcv_mss to TCP_MIN_MSS to avoid division by 0
+	 * issue in __tcp_select_window()
+	 */
+	icsk->icsk_ack.rcv_mss = TCP_MIN_MSS; //CVE-2017-14106(BDSA-2017-1152)
 	tcp_init_send_head(sk);
 	memset(&tp->rx_opt, 0, sizeof(tp->rx_opt));
 	__sk_dst_reset(sk);

diff --git a/ap/os/linux/linux-3.4.x/net/ipv4/tcp_timer.c b/ap/os/linux/linux-3.4.x/net/ipv4/tcp_timer.c
index 34d4a02..94159fc 100644
--- a/ap/os/linux/linux-3.4.x/net/ipv4/tcp_timer.c
+++ b/ap/os/linux/linux-3.4.x/net/ipv4/tcp_timer.c

@@ -124,6 +124,7 @@
 			mss = tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low) >> 1;
 			mss = min(sysctl_tcp_base_mss, mss);
 			mss = max(mss, 68 - tp->tcp_header_len);
+			mss = max(mss, TCP_MIN_SND_MSS);//BDSA-2019-1812(CVE-2019-11479)
 			icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss);
 			tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
 		}
commit	758261d1c1850656b47c4c40486e4237bcd769a6	[log] [tgz]
author	lh <lh@exm.com>	Thu Jul 13 05:52:04 2023 -0700
committer	lh <lh@exm.com>	Thu Jul 13 05:52:04 2023 -0700
tree	3bc26310c3b153ab3189a54780a041d5278a2432
parent	b0dd97e3f107d69ed0d9728748df12c7833884a7 [diff]