From owner-freebsd-net  Fri Sep 13  9: 3:22 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 67EEE37B406
	for <freebsd-net@freebsd.org>; Fri, 13 Sep 2002 09:03:18 -0700 (PDT)
Received: from relay1.macomnet.ru (relay1.macomnet.ru [195.128.64.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 39C4E43E6A
	for <freebsd-net@freebsd.org>; Fri, 13 Sep 2002 09:03:16 -0700 (PDT)
	(envelope-from maxim@macomnet.ru)
Received: from news1.macomnet.ru (news1.macomnet.ru [195.128.64.14])
	by relay1.macomnet.ru (8.11.6/8.11.6) with ESMTP id g8DG3EH1029915
	for <freebsd-net@freebsd.org>; Fri, 13 Sep 2002 20:03:14 +0400 (MSD)
Date: Fri, 13 Sep 2002 20:03:14 +0400 (MSD)
From: Maxim Konovalov <maxim@macomnet.ru>
X-X-Sender: Maxim Konovalov <maxim@macomnet.ru>
To: freebsd-net@freebsd.org
Subject: ip_output() problem with a large packets and IP_OPTIONS
Message-ID: <20020913194115.F94274-100000@news1.macomnet.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org


Hello -net,

There is a problem when there is no room for ip options and
ip_insertoptions() fails. ip_output() does not initialize len and
doesn't check what ip_insertoptions() returns. This behaviour leads to
a panic when you are trying to send 65507 bytes packet and
setsockopt(IP_OPTIONS). Please review a patch below:

Index: sys/netinet/ip_output.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.163
diff -u -r1.163 ip_output.c
--- sys/netinet/ip_output.c	31 Jul 2002 17:21:01 -0000	1.163
+++ sys/netinet/ip_output.c	13 Sep 2002 15:14:31 -0000
@@ -141,6 +141,7 @@
 	int rv;
 #endif /* PFIL_HOOKS */

+	len = 0;
 	args.eh = NULL;
 	args.rule = NULL;
 	args.next_hop = NULL;
@@ -199,7 +200,8 @@

 	if (opt) {
 		m = ip_insertoptions(m, opt, &len);
-		hlen = len;
+		if (len >= sizeof(struct ip))
+			hlen = len;
 	}
 	ip = mtod(m, struct ip *);
 	pkt_dst = args.next_hop ? args.next_hop->sin_addr : ip->ip_dst;

%%%

-- 
Maxim Konovalov, MAcomnet, Internet Dept., system engineer
phone: +7 (095) 796-9079, mailto:maxim@macomnet.ru


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message