[PATCH] Minor firewall fix for locally generated bogus IPs

Paul Rusty Russell (Paul.Russell@rustcorp.com.au)
Sat, 30 Jan 1999 16:17:11 +1130


[ Alan: very similar patch required for 2.0 kernels ]

Opening a raw socket and sending bogus IP packets gives unpredictable
firewall results; in particular, if logging of the packet is
attempted, a crash occurs.

This is minor, because only root can send these packets, but we
wouldn't want all those 37337 haX0r d00dz to crash their own boxes by
mistake.

Kudos to Jim Studt for tracking down the crash and the original patch.

Rusty.
--- net/ipv4/ip_fw.c.~1~ Thu Jan 14 11:51:36 1999
+++ net/ipv4/ip_fw.c Sat Jan 30 16:14:40 1999
@@ -32,6 +32,8 @@
* 3-Jan-1999: Fixed serious procfs security hole -- users should never
* be allowed to view the chains!
* Marc Santoro <ultima@snicker.emoti.com>
+ * 29-Jan-1999: Locally generated bogus IPs dealt with, rather than crash
+ * during dump_packet. --RR.
*/

/*
@@ -1660,6 +1662,10 @@
int ipfw_output_check(struct firewall_ops *this, int pf, struct device *dev,
void *phdr, void *arg, struct sk_buff **pskb)
{
+ /* Locally generated bogus packets by root. <SIGH>. */
+ if (((struct iphdr *)phdr)->ihl * 4 < sizeof(struct iphdr)
+ || (*pskb)->len < sizeof(struct iphdr))
+ return FW_ACCEPT;
return ip_fw_check(phdr, dev->name,
arg, IP_FW_OUTPUT_CHAIN, *pskb, SLOT_NUMBER(), 0);
}

--
 .sig lost in the mail.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/