Re: Security Alert: IP Fragments of Death (fwd)

Matthew Kirkwood (weejock@ferret.lmh.ox.ac.uk)
Sat, 15 Nov 1997 07:22:33 +0000 (GMT)


Hi,

I've heard some bad things about a box-killing exploit that
relies on a kernel buffer overrun in ip_fragment.c, and that
the appended patch is in 2.0.32-pre4.

If these nasty rumours are true, could an equivalent make it
into 2.1.65?

Cheers,
Matthew.

--- linux/net/ipv4/ip_fragment.c~ Tue Jul 15 16:35:10 1997
+++ linux/net/ipv4/ip_fragment.c Fri Nov 14 09:37:35 1997
@@ -582,7 +582,9 @@
*/

tfp = NULL;
- tfp = ip_frag_create(offset, end, skb, ptr);
+
+ if(offset<end)
+ tfp = ip_frag_create(offset, end, skb, ptr);

/*
* No memory to save the fragment - so throw the lot. If we
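Review bot: the new `if(offset<end)` guard leaves `tfp` NULL whenever a fragment's offset is not below its end, so control falls into the path directly below whose comment reads "No memory to save the fragment - so throw the lot"; that comment now also covers the rejection of a malformed (empty or inverted) fragment and should say so, or the two cases should be separated, so a reader of the failure path does not mistake a bad fragment for memory pressure. Minor style point: kernel style is `if (offset < end)`, with the `tfp = ip_frag_create(...)` body indented on its own line.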