Date: Tue, 1 Aug 2000 19:38:58 -0500 (CDT)
From: Mike Silbersack
To: security@freebsd.org
Subject: Ip packet filtering with bridging on freebsd (fwd)

AFAIK, you found the bug(s), know what they are, know how to fix them,
and have commit access, Darren. So why did you take the script-kiddie
route and mail bugtraq before any hint of a patch appeared?

Mike "Silby" Silbersack

---------- Forwarded message ----------
Date: Tue, 1 Aug 2000 07:14:50 +1000
From: Darren Reed
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Ip packet filtering with bridging on freebsd

If someone is doing packet filtering using ipfw to do packet filtering
with a FreeBSD box configured to do bridging, it is relatively easy to
make the box go "boom" as none of the standard header sanity checks are
done prior to the filter routine being called (check /sys/net/bridge.c).

It is a feature "copied" from OpenBSD but somehow large amounts of code
were not copied and bugs resulted.
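
The kind of IPv4 header sanity checks the forwarded message refers to, run before any filter reads header fields, as an added example. It is not part of either message and is not FreeBSD's bridge.c or IP input code; the function, enum and sample names are hypothetical, and the buffer is assumed to start at the IP header (after the Ethernet header).

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result codes for this example (not FreeBSD identifiers). */
enum ip_check { IP_OK = 0, IP_TOO_SHORT, IP_BAD_VERSION, IP_BAD_HLEN,
                IP_BAD_TOTLEN, IP_BAD_CSUM };

/* One's-complement sum over the header; a valid header sums to 0xffff. */
static uint16_t hdr_sum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)p[i] << 8 | p[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Validate the IPv4 header in buf[0..len) before a filter touches it. */
enum ip_check ipv4_sanity(const uint8_t *buf, size_t len)
{
    if (len < 20)                       /* minimum header must be present */
        return IP_TOO_SHORT;
    if ((buf[0] >> 4) != 4)             /* version field */
        return IP_BAD_VERSION;
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len)        /* options must lie inside the buffer */
        return IP_BAD_HLEN;
    size_t totlen = (size_t)buf[2] << 8 | buf[3];
    if (totlen < hlen || totlen > len)  /* claimed length must fit the frame */
        return IP_BAD_TOTLEN;
    if (hdr_sum(buf, hlen) != 0xffff)   /* header checksum must verify */
        return IP_BAD_CSUM;
    return IP_OK;
}

/* Constructed sample: 20-byte header, 10.0.0.1 -> 10.0.0.2, TCP, length 20. */
const uint8_t sample_ok[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x40, 0x06,
    0x66, 0xe2, 0x0a, 0x00, 0x00, 0x01, 0x0a, 0x00, 0x00, 0x02
};

int main(void)
{
    return ipv4_sanity(sample_ok, sizeof sample_ok) == IP_OK ? 0 : 1;
}
```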