From 574bd6e5aa57b971db7b347b8ad761342be9a02c Mon Sep 17 00:00:00 2001
From: duckpowerMB <ericwudesigner@gmail.com>
Date: Thu, 9 Sep 2021 16:52:55 +0800
Subject: [PATCH] tcp_in : fix ooseq update error

if a pbuf received with the same seqno in ooseq ,
we then check  the size and replace the existing one
with the larger one,but if the existing one is the
last segment in ooseq ,it might has been trimed before.
the replacing action will overrun our receive windows

see patch #10106 and bug #56397
---
 src/core/tcp_in.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/core/tcp_in.c b/src/core/tcp_in.c
index c7a1f7b7..de64464d 100644
--- a/src/core/tcp_in.c
+++ b/src/core/tcp_in.c
@@ -1687,6 +1687,15 @@ tcp_receive(struct tcp_pcb *pcb)
                  ->ooseq. We check the lengths to see which one to
                  discard. */
               if (inseg.len > next->len) {
+
+                /* If next segment is the last segment in ooseq
+                   and smaller than inseg, that means it has been
+                   trimmed before to fit our window, so we just
+                   break here. */
+                if (next->next == NULL) {
+                  break;
+                }
+
                 /* The incoming segment is larger than the old
                    segment. We replace some segments with the new
                    one. */