Date: Fri, 13 Sep 2002 20:03:14 +0400 (MSD)
From: Maxim Konovalov <maxim@macomnet.ru>
To: freebsd-net@freebsd.org
Subject: ip_output() problem with a large packets and IP_OPTIONS
Message-ID: <20020913194115.F94274-100000@news1.macomnet.ru>

Hello -net,
There is a problem when there is no room for ip options and
ip_insertoptions() fails. ip_output() does not initialize len and
doesn't check what ip_insertoptions() returns. This behaviour leads to
a panic when you are trying to send a 65507-byte packet and
setsockopt(IP_OPTIONS). Please review the patch below:
Index: sys/netinet/ip_output.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.163
diff -u -r1.163 ip_output.c
--- sys/netinet/ip_output.c 31 Jul 2002 17:21:01 -0000 1.163
+++ sys/netinet/ip_output.c 13 Sep 2002 15:14:31 -0000
@@ -141,6 +141,7 @@
int rv;
#endif /* PFIL_HOOKS */
+ len = 0;
args.eh = NULL;
args.rule = NULL;
args.next_hop = NULL;
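Review bot: the new "len = 0;" sits among the args.* initializers with no comment, and nothing here says why it is needed. From the lines shown, len is only consumed in the "if (opt)" block of the next hunk, so consider moving the assignment to just before the ip_insertoptions() call, or add a one-line comment that len must stay 0 when ip_insertoptions() cannot insert the options, since the later "len >= sizeof(struct ip)" test depends on it.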
@@ -199,7 +200,8 @@
if (opt) {
m = ip_insertoptions(m, opt, &len);
- hlen = len;
+ if (len >= sizeof(struct ip))
+ hlen = len;
}
ip = mtod(m, struct ip *);
pkt_dst = args.next_hop ? args.next_hop->sin_addr : ip->ip_dst;
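Review bot: when "len >= sizeof(struct ip)" is false, the code falls through to "ip = mtod(m, struct ip *)" and keeps going, so a failed ip_insertoptions() is silently ignored and the packet is sent without the options the socket asked for. The description says the problem is that ip_output() does not check what ip_insertoptions() returns, and this still does not surface the failure to the caller; consider returning an error on this path (EMSGSIZE would fit the "no room" case) or at least documenting that options are dropped. The test also relies on ip_insertoptions() leaving len untouched on failure, and if len is a signed int the comparison against sizeof() is done unsigned, so a comment or an explicit "len == 0" failure check would make the intent clearer.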
%%%
--
Maxim Konovalov, MAcomnet, Internet Dept., system engineer
phone: +7 (095) 796-9079, mailto:maxim@macomnet.ru
