Date: Sat, 23 Nov 1996 18:50:25 PST
From: Bill Fenner <fenner@parc.xerox.com>
To: Tom Samplonius <tom@sdf.com>
Cc: Jaye Mathisen <mrcpu@cdsnet.net>, hackers@freebsd.org
Subject: Re: Has anybody addressed this "ping" problem? Is it even an issue with FreeBSD?
Message-ID: <96Nov23.185034pst.177557@crevenia.parc.xerox.com>
In-Reply-To: Your message of "Fri, 22 Nov 96 20:06:21 PST." <Pine.NEB.3.94.961122195935.5812A-100000@misery.sdf.com>

In message <Pine.NEB.3.94.961122195935.5812A-100000@misery.sdf.com> you write:

> The BSD codebase has always been free of this bug (well I can't actually
> speak about pre-4.3 versions, but I doubt any still exist).

That's not very true. You could never crash BSD with a 64k+ packet because BSD has always had signedness bugs that cause it to be unable to reassemble packets greater than 32k. However, many BSDs are vulnerable to the equivalent 32k+ packet.

SunOS is not vulnerable to 32k+ packets because of a signed compare with the MTU (Oooh, this 32769 byte packet is smaller than the 1500 byte MTU, I'll send it directly) and luckily the network drivers are sufficiently robust to not fail when handed a ridiculously-sized packet to send. NeXTStep (about as 4.3-bsd as you can get) is vulnerable to 32k+ packets. NetBSD 1.1 is as well.

The only reason FreeBSD is not vulnerable to this problem is because of a signed/unsigned bug in the check to see if the packet will fit into the interface queue (a check no other BSD has).

So, to answer Jaye's original question, yes, someone has looked into it in some detail =)

  Bill
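
The signed compare with the MTU described in the message above, as an added C illustration that is not part of the original e-mail and is not SunOS or BSD source. The function names, the MTU constant and the sample lengths are constructed for the example; it shows the flawed signed check beside an unsigned one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MTU 1500 /* the 1500 byte MTU quoted in the message */

/* Reinterpret a 16-bit length as a signed 16-bit value, portably
 * (models holding the length in a signed short). */
static int as_signed16(uint16_t v) {
    return v >= 0x8000 ? (int)v - 0x10000 : (int)v;
}

/* Flawed check (hypothetical): the length is treated as signed, so any
 * length above 32767 goes negative and appears to fit in the MTU. */
static int fits_mtu_signed(uint16_t len) {
    return as_signed16(len) <= MTU;
}

/* Corrected check: compare the length as an unsigned quantity. */
static int fits_mtu_unsigned(uint16_t len) {
    return (unsigned)len <= (unsigned)MTU;
}

/* Count the lengths on which the two checks disagree. */
static size_t count_disagreements(const uint16_t *lens, size_t n) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (fits_mtu_signed(lens[i]) != fits_mtu_unsigned(lens[i]))
            bad++;
    return bad;
}

/* Constructed sample lengths around the 32k boundary. */
static const uint16_t SAMPLE[] = {1500, 1501, 32767, 32768, 32769, 65535};
#define NSAMPLE (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void) {
    for (size_t i = 0; i < NSAMPLE; i++)
        printf("len=%5u signed=%6d flawed:%s correct:%s\n",
               (unsigned)SAMPLE[i], as_signed16(SAMPLE[i]),
               fits_mtu_signed(SAMPLE[i]) ? "send" : "fragment",
               fits_mtu_unsigned(SAMPLE[i]) ? "send" : "fragment");
    printf("disagreements: %zu\n", count_disagreements(SAMPLE, NSAMPLE));
    return 0;
}
```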