IP fragment overlap bug

[Ondrej Palkovsky]

Jan Vycudilik wrote:

> Viz vcerejsi svet namodro (http://modrysvet.codalan.cz/)
> Kamarad si to u me vyzkousel a opravdu to funguje (i na 2.0.32) :(
> Novejsi jadro jeste neni, ze ?

No, ja jsem se nahodou podival do 2.0.32 patche a vidim:

diff -u --recursive --new-file v2.0.31/linux/net/ipv4/ip_fragment.c linux/net/ip
v4/ip_fragment.c
--- v2.0.31/linux/net/ipv4/ip_fragment.c        Tue Aug 12 11:30:25 1997
+++ linux/net/ipv4/ip_fragment.c        Thu Nov 13 05:58:30 1997
@@ -375,7 +375,7 @@
        fp = qp->fragments;
        while(fp != NULL)
        {
-               if(count+fp->len > skb->len)
+               if (fp->len < 0 || count+fp->len > skb->len)
                {
                        NETDEBUG(printk("Invalid fragment list: Fragment over si
ze.\n"));
                        ip_free(qp);

... takze 2.0.32 by mela byt v poradku....
Ondrej