Merge pull request #1058 from jnkr-ifx/tcp-rst-fix

Dirbaio · web-flow · commit e2b75e37d732 · 2025-05-05T19:03:02.000Z
tcp: Don't accept RST packets on listening sockets
diff --git a/src/socket/tcp.rs b/src/socket/tcp.rs
@@ -1513,10 +1513,12 @@ impl<'a> Socket<'a> {
             return false;
         }
 
-        // If we're still listening for SYNs and the packet has an ACK, it cannot
-        // be destined to this socket, but another one may well listen on the same
-        // local endpoint.
-        if self.state == State::Listen && repr.ack_number.is_some() {
+        // If we're still listening for SYNs and the packet has an ACK or a RST,
+        // it cannot be destined to this socket, but another one may well listen
+        // on the same local endpoint.
+        if self.state == State::Listen
+            && (repr.ack_number.is_some() || repr.control == TcpControl::Rst)
+        {
             return false;
         }
 
@@ -3284,15 +3286,13 @@ mod test {
     #[test]
     fn test_listen_rst() {
         let mut s = socket_listen();
-        send!(
-            s,
-            TcpRepr {
-                control: TcpControl::Rst,
-                seq_number: REMOTE_SEQ,
-                ack_number: None,
-                ..SEND_TEMPL
-            }
-        );
+        let tcp_repr = TcpRepr {
+            control: TcpControl::Rst,
+            seq_number: REMOTE_SEQ,
+            ack_number: None,
+            ..SEND_TEMPL
+        };
+        assert!(!s.socket.accepts(&mut s.cx, &SEND_IP_TEMPL, &tcp_repr));
         assert_eq!(s.state, State::Listen);
     }
 
