Date: Tue, 06 Oct 1998 11:58:21 -0600 From: Brett Glass <brett@lariat.org> To: Robert Watson <robert+freebsd@cyrus.watson.org>, Michael Richards <026809r@dragon.acadiau.ca> Cc: security@FreeBSD.ORG Subject: Re: Large packets? Message-ID: <4.1.19981006115624.04198290@mail.lariat.org> In-Reply-To: <Pine.BSF.3.96.981006124233.15295M-100000@fledge.watson.org > References: <199810061502.MAA01110@dragon.acadiau.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:47 PM 10/6/98 -0400, Robert Watson wrote: >In theory. :) The maximum size of an IP packet is indeed 64k, but some >implementations don't check that the fragments being reassembled actually >add up to the correct length, so they just past the fragments one after >another, off the end of the buffer, onto the floor. Or rather, onto other >pieces of memory resulting in corruption. This is the "Ping of Death." The problem is that many developers, wanting their network code to be fast, aren't doing bounds checking on network buffers. Of course, ANYTHING you receive off the Net should be treated as highly suspicious. The code should be TOTALLY paranoid. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.19981006115624.04198290>