IP fragment overlap bug

Jan Vycudilik honza at housle.sh.cvut.cz
Wednesday November 19 11:35:09 CET 1997


See yesterday's Svet namodro (http://modrysvet.codalan.cz/)
A friend tried it out on my machine and it really works (even on 2.0.32) :(
There isn't a newer kernel yet, is there?

I'm sending a patch for linux/net/ipv4/ip_fragment.c along with this.

h/v
------------- next part ---------------
*** ip_fragment.c.orig	Wed Nov 19 10:37:50 1997
--- ip_fragment.c	Wed Nov 19 01:27:43 1997
***************
*** 12,17 ****
--- 12,18 ----
   *		Alan Cox	:	Split from ip.c , see ip_input.c for history.
   *		Alan Cox	:	Handling oversized frames
   *		Uriel Maimon	:	Accounting errors in two fringe cases.
+  * route : IP fragment overlap bug
   */
  
  #include <linux/types.h>
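Review bot: the added history line "route : IP fragment overlap bug" names the bug rather than the change, and it is not laid out like the tab-separated "Name : description" entries above it. An entry in the same layout that says what the code now does, for example that fragments with offset > end are dropped, would be more useful to later readers.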
***************
*** 577,582 ****
--- 578,599 ----
  		}
  	}
  
+ 
+        /*
+         * Uh-oh. Some one's playing some park shenanigans on us.
+         * IP fragoverlap-linux-go-b00m bug.
+         * route 11.3.97
+         */
+ 
+         if (offset > end)
+             {
+                  skb->sk = NULL;
+                  printk("IP: Invalid IP fragment (offset > end) found from %s\n", in_ntoa(iph->saddr));
+                  kfree_skb(skb, FREE_READ);
+                  ip_statistics.IpReasmFails++;
+                  ip_free(qp);
+                  return NULL;
+             }
  	/*
  	 *	Insert this fragment in the chain of fragments.
  	 */
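Review bot: the printk in the new "if (offset > end)" branch fires once per malformed fragment with no rate limit, so the sender of the fragments controls how fast the kernel log fills; consider throttling the message or relying on the ip_statistics.IpReasmFails counter alone. The comment above the check should also state which earlier step can leave offset greater than end, since nothing in the hunk shows where either value is set, and the new block is indented with spaces while the surrounding context uses tabs.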

