[PATCH] 2.0-2.5 bug in ip_options_compile

From: Jeff DeFouw (defouwj@purdue.edu)
Date: Fri Sep 13 2002 - 17:08:38 EST

While reading about IP options, I found the IPOPT_END padding (cleaning)
in ip_options_compile (net/ipv4/ip_options.c) was not incrementing a
pointer. There should be an optptr++ in the for end-of-block statement
to go along with the l--, otherwise it's just comparing the same byte
for each l. Patch is against 2.4.19. From the kernel source browser
this bug is also in 2.5.31, 2.2.21, and 2.0.39.

--- linux/net/ipv4/ip_options.c.orig 2002-09-13 15:12:24.000000000 -0500
+++ linux/net/ipv4/ip_options.c 2002-09-13 15:12:50.000000000 -0500
@@ -266,7 +266,7 @@
         for (l = opt->optlen; l > 0; ) {
                 switch (*optptr) {
                       case IPOPT_END:
- for (optptr++, l--; l>0; l--) {
+ for (optptr++, l--; l>0; optptr++, l--) {
                                 if (*optptr != IPOPT_END) {
                                         *optptr = IPOPT_END;
                                         opt->is_changed = 1; 

-- 
Jeff DeFouw <defouwj@purdue.edu>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Sun Sep 15 2002 - 22:00:35 EST