Date: Tue, 14 Apr 1998 07:32:45 -0700 (PDT) From: tqbf@secnet.com To: freebsd-gnats-submit@FreeBSD.ORG Subject: kern/6296: IP_HDRINCL sockets force header fields to be in host byte order Message-ID: <199804141432.HAA22353@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 6296 >Category: kern >Synopsis: IP_HDRINCL sockets force header fields to be in host byte order >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Apr 14 07:40:01 PDT 1998 >Last-Modified: >Originator: Thomas H. Ptacek >Organization: Secure Networks, Inc. >Release: 3.0-980311-SNAP >Environment: FreeBSD foo.rdist.org 3.0-980311-SNAP FreeBSD 3.0-980311-SNAP #1: Sun Mar 29 02:08:26 CST 1998 root@foo.rdist.org:/usr/src/sys/compile/RFORK i386 >Description: When writing a complete IP packet to the network via a raw socket with the IP_HDRINCL option set, the FreeBSD kernel incorrectly examines IP header fields (forgetting to ntohs() them) and thus forces those fields to be set in host byte order. This is particularly obvious with ip_len, which must be set correctly for the packet to be written to the network. >How-To-Repeat: Create a raw socket, set it HDRINCL, try to write out an ICMP ECHO_REQUEST packet with the IP packet length set (correctly) in network byte order, watch it fail. Set the packet length in host byte order. Watch it succeed. >Fix: The problem (or at least part of it) is in line 203 of raw_ip.c in netinet. The conditional checks the user-created IP header to ensure that header fields are valid; when it checks to make sure length is less than the buffer size and greater than the header length, it examines ip_len directly without ntohs()'ing it. >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804141432.HAA22353>