Merge release-20191114.0-25-gb0a1bbd (automated)

author: gVisor bot <gvisor-bot@google.com> 2019-11-23 01:00:25 +0000
committer: gVisor bot <gvisor-bot@google.com> 2019-11-23 01:00:25 +0000
commit: 9ee0687661824f0b1cc6f5b8d86ede59a755b3a2 (patch)
tree: 0a0e4466cc21b576694cbd5fc72acef7883dfdab /pkg/tcpip/transport
parent: a9af31835128704f3ed7f411af069784db81e3d6 (diff)
parent: b0a1bbd3e248888cf6c9e6fa73df5d2c22490f85 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/pkg/tcpip/transport/tcp/connect.go b/pkg/tcpip/transport/tcp/connect.go
index 00c0c9a92..f14f0ca65 100644
--- a/pkg/tcpip/transport/tcp/connect.go
+++ b/pkg/tcpip/transport/tcp/connect.go
@@ -299,6 +299,15 @@ func (h *handshake) synRcvdState(s *segment) *tcpip.Error {
 		return nil
 	}
 
+	// RFC 793, Section 3.9, page 69, states that in the SYN-RCVD state, a
+	// sequence number outside of the window causes an ACK with the proper seq
+	// number and "After sending the acknowledgment, drop the unacceptable
+	// segment and return."
+	if !s.sequenceNumber.InWindow(h.ackNum, h.rcvWnd) {
+		h.ep.sendRaw(buffer.VectorisedView{}, header.TCPFlagAck, h.iss+1, h.ackNum, h.rcvWnd)
+		return nil
+	}
+
 	if s.flagIsSet(header.TCPFlagSyn) && s.sequenceNumber != h.ackNum-1 {
 		// We received two SYN segments with different sequence
 		// numbers, so we reset this and restart the whole
author	gVisor bot <gvisor-bot@google.com>	2019-11-23 01:00:25 +0000
committer	gVisor bot <gvisor-bot@google.com>	2019-11-23 01:00:25 +0000
commit	9ee0687661824f0b1cc6f5b8d86ede59a755b3a2 (patch)
tree	0a0e4466cc21b576694cbd5fc72acef7883dfdab /pkg/tcpip/transport
parent	a9af31835128704f3ed7f411af069784db81e3d6 (diff)
parent	b0a1bbd3e248888cf6c9e6fa73df5d2c22490f85 (diff)