Re: 2.1.96 EXPLOIT was [rootshell] Security Bulletin #18 (fwd)

David S. Miller (davem@dm.cobaltmicro.com)
Fri, 17 Apr 1998 19:19:47 -0700


Date: Fri, 17 Apr 1998 18:30:36 -0700 (PDT)
From: Gerhard Mack <gmack@imag.net>

I found this in my email a few minutes ago. I immediately tested
this on my system and to my horror it instantly rebooted.

It's been fixed for 2 days, relax, here is a patch, it just hasn't
made its way into Linus's 2.1.x tree yet:

Index: net/ipv4/ip_fragment.c
===================================================================
RCS file: /vger/u4/cvs/linux/net/ipv4/ip_fragment.c,v
retrieving revision 1.33
retrieving revision 1.36
diff -u -r1.33 -r1.36
--- ip_fragment.c 1998/03/19 08:34:08 1.33
+++ ip_fragment.c 1998/04/18 02:13:07 1.36
@@ -5,7 +5,7 @@
*
* The IP fragmentation functionality.
*
- * Version: $Id: ip_fragment.c,v 1.33 1998/03/19 08:34:08 davem Exp $
+ * Version: $Id: ip_fragment.c,v 1.36 1998/04/18 02:13:07 davem Exp $
*
* Authors: Fred N. van Kempen <waltje@uWalt.NL.Mugnet.ORG>
* Alan Cox <Alan.Cox@linux.org>
@@ -346,10 +346,9 @@
memcpy(ptr, qp->iph, qp->ihlen);
ptr += qp->ihlen;

- count = 0;
-
/* Copy the data portions of all fragments into the new buffer. */
fp = qp->fragments;
+ count = qp->ihlen;
while(fp) {
if (fp->len < 0 || count+fp->len > skb->len) {
NETDEBUG(printk(KERN_ERR "Invalid fragment list: "
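Review bot: starting `count` at `qp->ihlen` instead of 0 makes the `count+fp->len > skb->len` bound account for the header bytes that `memcpy(ptr, qp->iph, qp->ihlen)` has already placed in the buffer; with the old initial value a fragment list whose payload summed to exactly `skb->len` passed the check and the copies ran `ihlen` bytes past the end of the skb, which matches the crash reported above. The move of the assignment to after `fp = qp->fragments;` is fine, but a short comment on why `count` now starts at the header length would help, since the `count += fp->len` that keeps the sum running is outside this hunk.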
@@ -360,7 +359,7 @@
return NULL;
}
memcpy((ptr + fp->offset), fp->ptr, fp->len);
- if (!count) {
+ if (count == qp->ihlen) {
skb->dst = dst_clone(fp->skb->dst);
skb->dev = fp->skb->dev;
}
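Review bot: `count == qp->ihlen` identifies the first fragment only if every earlier fragment had a positive length, and the validity check in the previous hunk rejects `fp->len < 0` but admits `fp->len == 0`; after a zero-length fragment the test is true again on the next iteration and `skb->dst = dst_clone(fp->skb->dst)` runs a second time, overwriting the first reference without releasing it. A dedicated first-iteration flag, or rejecting `fp->len == 0` in that check, would avoid this (the old `!count` form had the same gap). Separately, the copy lands at `ptr + fp->offset` while the bound is taken on the running sum `count`, so the check protects the buffer only when fragment offsets are contiguous; a comment stating that invariant at the `memcpy` would make the assumption explicit.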
@@ -376,7 +375,7 @@
/* Done with all fragments. Fixup the new IP header. */
iph = skb->nh.iph;
iph->frag_off = 0;
- iph->tot_len = htons((iph->ihl * 4) + count);
+ iph->tot_len = htons(count);

ip_statistics.IpReasmOKs++;
return skb;
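Review bot: `iph->tot_len = htons(count)` is consistent with `count` now beginning at `qp->ihlen`, but nothing near the declaration records that `count` is the full datagram length including the IP header rather than the payload length it used to hold; a one-line comment where it is initialised (e.g. `/* total length incl. IP header, bounded by skb->len in the loop */`) would stop a later reader from reintroducing the `(iph->ihl * 4) +` term and double-counting the header.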

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu