large ping patch for v1.2.13

Paul Gortmaker (Paul.Gortmaker@anu.edu.au)
Thu, 24 Oct 1996 14:44:23 +1000 (EST)


So as not to be like the slowlaris types who abandon old releases of
their OS, I am including a v1.2 version of Alan's oversized packet patch.
There are still *many* sites and CD-ROMs out there that use v1.2.

FWIW, I couldn't manage to reboot a system with a v1.2.13 kernel using
this exploit. Yet the same machine with v2.0.23 and v2.1.5 (w/o Alan's
patch) happily flashed neat colours on the screen and then rebooted.
I was using my own program to send the nastygram, and not win95 ping,
but that shouldn't matter.

Also note that v1.2 doesn't have frag_k{free/malloc}_skb functions
since the accounting of RAM eaten by frag queues went into v1.3.
Just in case someone was looking at the two patches and wondering...

Paul.

------------------------------------------------

--- linux/net/inet/ip.c~ Thu Oct 24 14:21:12 1996
+++ linux/net/inet/ip.c Thu Oct 24 14:23:14 1996
@@ -949,6 +949,17 @@
}

/*
+ * Block an attempt to construct an oversize packet.
+ */
+
+ if(ntohs(iph->tot_len)+(int)offset>65535) {
+ skb->sk = NULL;
+ kfree_skb(skb, FREE_READ);
+ ip_statistics.IpReasmFails++;
+ return NULL;
+ }
+
+ /*
* Determine the position of this fragment.
*/
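Review bot: the guard `ntohs(iph->tot_len)+(int)offset>65535` only rejects an oversize datagram if `offset` is already a byte offset (the 13-bit fragment-offset field shifted left by 3) at this point in ip_defrag; the hunk context does not show that conversion, so confirm the check sits after it rather than before, otherwise the sum is computed in 8-byte units and the limit is effectively never reached. The arithmetic itself is right for the purpose: the reassembled datagram occupies `offset` bytes of earlier data plus this fragment's `tot_len` (header included), so anything over 65535 cannot be a valid IP datagram and dropping it with `ip_statistics.IpReasmFails++` is the correct counter. Since the drop is otherwise silent, consider a printk of the source address beside the counter increment so an operator can tell a malformed-fragment flood apart from ordinary reassembly timeouts.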