Date: Fri, 13 Sep 2002 20:03:14 +0400 (MSD) From: Maxim Konovalov <maxim@macomnet.ru> To: freebsd-net@freebsd.org Subject: ip_output() problem with a large packets and IP_OPTIONS Message-ID: <20020913194115.F94274-100000@news1.macomnet.ru>
next in thread | raw e-mail | index | archive | help
Hello -net, There is a problem when there is no room for ip options and ip_insertoptions() fails. ip_output() does not initialize len and doesn't check what ip_insertoptions() returns. This behaviour leads to a panic when you are trying to send 65507 bytes packet and setsockopt(IP_OPTIONS). Please review a patch below: Index: sys/netinet/ip_output.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v retrieving revision 1.163 diff -u -r1.163 ip_output.c --- sys/netinet/ip_output.c 31 Jul 2002 17:21:01 -0000 1.163 +++ sys/netinet/ip_output.c 13 Sep 2002 15:14:31 -0000 @@ -141,6 +141,7 @@ int rv; #endif /* PFIL_HOOKS */ + len = 0; args.eh = NULL; args.rule = NULL; args.next_hop = NULL; @@ -199,7 +200,8 @@ if (opt) { m = ip_insertoptions(m, opt, &len); - hlen = len; + if (len >= sizeof(struct ip)) + hlen = len; } ip = mtod(m, struct ip *); pkt_dst = args.next_hop ? args.next_hop->sin_addr : ip->ip_dst; %%% -- Maxim Konovalov, MAcomnet, Internet Dept., system engineer phone: +7 (095) 796-9079, mailto:maxim@macomnet.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020913194115.F94274-100000>