Why isn't this IP fragment patch in 2.1.105?

Kevin Buhr (buhr@stat.wisc.edu)
10 Jun 1998 22:11:52 -0500


Some time ago, Alan, you posted a patch for 2.0.33 on BUGTRAQ. It
seems that the 2.0.32 bugfix to prevent teardrop attacks wasn't quite
right, and a slight variation ("nestea" might have been the name of
the exploit program) could crash 2.0.33.

For some reason, it looks like this patch isn't included in the latest
2.1.xxx kernels, even though I can't see why it shouldn't be. I've
attached the patch against 2.1.105.

Kevin <buhr@stat.wisc.edu>

* * *

--- linux-vanilla/net/ipv4/ip_fragment.c Fri Apr 17 22:30:13 1998
+++ linux-raspberry/net/ipv4/ip_fragment.c Tue Jun 9 19:56:35 1998
@@ -350,7 +350,7 @@
fp = qp->fragments;
count = qp->ihlen;
while(fp) {
- if (fp->len < 0 || count+fp->len > skb->len) {
+ if (fp->len < 0 || fp->offset+qp->ihlen+fp->len > skb->len) {
NETDEBUG(printk(KERN_ERR "Invalid fragment list: "
"Fragment over size.\n"));
ip_free(qp);
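Review bot: the replacement condition on the `+` line bounds the fragment by its own destination, `fp->offset+qp->ihlen+fp->len`, instead of the running `count`; that is the right quantity to compare against `skb->len`, because a fragment overlapping an earlier one does not advance the reassembled data by its full length, so the old running total could pass a fragment whose copy still ends past the buffer. With the check rewritten, the context line `count = qp->ihlen;` above the loop no longer feeds it; if nothing later in the function reads `count`, drop it to avoid an unused-variable warning. Keeping `fp->len < 0` as the first operand is correct: a negative length is rejected before it can pull the sum below `fp->offset+qp->ihlen` and slip past the size comparison.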
