netdev
[Top] [All Lists]

[PATCH] Minor bug.

To: netdev@xxxxxxxxxxx
Subject: [PATCH] Minor bug.
From: Rusty Russell <rusty@xxxxxxxxxxxxxxx>
Date: Wed, 14 Mar 2001 21:50:23 +1100
Sender: owner-netdev@xxxxxxxxxxx
We use a tailer on skbs, so accessing a few bytes over the end of the
skb will not crash the machine, but maybe one day it will.  Truncated
ICMP packets being forwarded which evoke ICMP errors will do this, if
my reading is correct.

This patch still returns an ICMP error on such truncated packets.  The
other choice would be to assume the worst, and return.

Just reading the code while on holidays...
Rusty.
--
Premature optmztion is rt of all evl. --DK

--- working-2.4.2-conntrack-fix/net/ipv4/icmp.c.~1~     Sat Aug  5 11:18:49 2000
+++ working-2.4.2-conntrack-fix/net/ipv4/icmp.c Wed Mar 14 18:24:32 2001
@@ -588,7 +588,8 @@
                /*
                 *      We are an error, check if we are replying to an ICMP 
error
                 */
-               if (iph->protocol==IPPROTO_ICMP) {
+               if (iph->protocol==IPPROTO_ICMP
+                   && skb_in->tail-(u8*)iph >= sizeof(struct icmphdr)) {
                        icmph = (struct icmphdr *)((char *)iph + (iph->ihl<<2));
                        /*
                         *      Assume any unknown ICMP type is an error. This 
isn't


<Prev in Thread] Current Thread [Next in Thread>