K 10
svn:author
V 7
glebius
K 8
svn:date
V 27
2016-01-14T10:22:45.356578Z
K 7
svn:log
V 360
There is a bug in tcp_output()'s implementation of the TCP_SIGNATURE
(RFC 2385/TCP-MD5) kernel option.

If a tcpcb has TF_NOOPT flag, then tcp_addoptions() is not called,
and to.to_signature is an uninitialized stack variable. The value
is later used as write offset, which leads to writing to random
address.

Submitted by:	rstone, jtl
Security:	SA-16:05.tcp

END