Re: Frozen linux 1.3.84

Rob Janssen reading Linux mailinglist (linux@pe1chl.ampr.org)
Mon, 8 Apr 1996 23:15:49 +0200 (MET DST)


According to Linus Torvalds:
> > Consider the case when the packet has an option length of 0 for an
> > option which falls into the "default" case but the packet claims to
> > have (say) 8 bytes of IP options.
>
> Right. Does the lockup go away if you add a test for zero optlen in
> ip_options.c, line 277? Pseudo-patch:
>
> continue;
> }
> optlen = optptr[1];
> - if (l<2 || optlen>l)
> + if (l<2 || optlen>l || !optlen)
> {
> pp_ptr = optptr;
> break;
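Review bot: On the "+" line, "!optlen" rejects only a length of 0; an optlen of 1 still passes, although the length value counts the option type byte and the length byte itself, so no option carrying a length field can be shorter than 2. Suggest testing "optlen<2" instead, i.e. "if (l<2 || optlen<2 || optlen>l)", which covers both 0 and 1. The pseudo-patch also has no file header or @@ line, so its target (ip_options.c, line 277) is known only from the text above it.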
>
> (or something to that effect..) Does that fix it?
>
> Linus

In fact, value 1 is illegal for optlen as well. "optlen < 2" is
a better check.
(the option length includes the option byte and the length field itself)

Rob

-- 
+------------------------------------+--------------------------------------+
| Rob Janssen         rob@knoware.nl | BBS: +31-302870036 (2300-0730 local) |
| AMPRnet:       rob@pe1chl.ampr.org | AX.25 BBS: PE1CHL@PI8WNO.#UTR.NLD.EU |
+------------------------------------+--------------------------------------+
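
Added example, not part of the original message and not the kernel's code: a stand-alone C walker over an IPv4 options area that applies the "optlen < 2" check discussed above and reports where a malformed option starts. The function name, its return convention and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_END 0 /* End of Option List: one byte, no length field */
#define OPT_NOP 1 /* No Operation: one byte, no length field */

/* Constructed 8-byte option areas (0x5e is an arbitrary option type). */
static const uint8_t opts_ok[8]   = { 1, 7, 7, 4, 0, 0, 0, 0 }; /* NOP + 7-byte option */
static const uint8_t opts_len0[8] = { 0x5e, 0, 0, 0, 0, 0, 0, 0 };
static const uint8_t opts_len1[8] = { 1, 0x5e, 1, 0, 0, 0, 0, 0 };
static const uint8_t opts_long[8] = { 0x5e, 9, 0, 0, 0, 0, 0, 0 };

/* Returns the number of options walked, or -(offset + 1) of the first
 * malformed option. Hypothetical helper, not the kernel's function. */
int walk_ip_options(const uint8_t *opts, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (off < len && opts[off] != OPT_END) {
        if (opts[off] == OPT_NOP) {
            off++;
            count++;
            continue;
        }
        size_t left = len - off;
        if (left < 2)
            return -(int)(off + 1);
        uint8_t optlen = opts[off + 1];
        /* optlen covers the type and length bytes themselves, so 0 and 1
         * are invalid; accepting 0 would leave off unchanged forever. */
        if (optlen < 2 || optlen > left)
            return -(int)(off + 1);
        off += optlen;
        count++;
    }
    return count;
}

int main(void)
{
    printf("ok=%d len0=%d len1=%d long=%d\n",
           walk_ip_options(opts_ok, sizeof opts_ok),
           walk_ip_options(opts_len0, sizeof opts_len0),
           walk_ip_options(opts_len1, sizeof opts_len1),
           walk_ip_options(opts_long, sizeof opts_long));
    return 0;
}
```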