tcp: Fix missing range_truesize enlargement in the backport

The 4.4.y stable backport dc6ae4dffd65 for the upstream commit
3d4bf93ac120 ("tcp: detect malicious patterns in
tcp_collapse_ofo_queue()") missed a line that enlarges the
range_truesize value, which broke the whole check.

Fixes: dc6ae4dffd65 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Cc: Michal Kubecek <mkubecek@suse.cz>

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 4a261e078082f0bedbbd84e02bcf25a24cf4d207..9c4c6cd0316ee80256f8fb704e84e56ecc6e9683 100644 (file)
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4835,6 +4835,7 @@ static void tcp_collapse_ofo_queue(struct sock *sk)
                        end = TCP_SKB_CB(skb)->end_seq;
                        range_truesize = skb->truesize;
                } else {
+                       range_truesize += skb->truesize;
                        if (before(TCP_SKB_CB(skb)->seq, start))
                                start = TCP_SKB_CB(skb)->seq;
                        if (after(TCP_SKB_CB(skb)->end_seq, end))