Date: Thu, 11 Apr 1996 11:32:15 +0400 (MSD) From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su> To: davidg@freefall.freebsd.org (David Greenman) Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-sys@freefall.freebsd.org Subject: Re: cvs commit: src/sys/net slcompress.c Message-ID: <199604110732.LAA01702@astral.msk.su> In-Reply-To: <199604110646.XAA15145@freefall.freebsd.org> from "David Greenman" at "Apr 10, 96 11:46:26 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> davidg 96/04/10 23:46:26 > > Modified: sys/net slcompress.c > Log: > When cslip gets an uncompressed packet, it attempts to save off the TCP/IP > header for use in decompressing subsequant packets. If cslip gets garbage > (such as what happens when there is a port speed mismatch or modem line > noise), it will occasionally mistake the packet as a valid uncompressed > packet. When it tries to save off the header, it doesn't bother to check > for the validity of the header length and will happily clobber not only > the cslip data structure, but parts of other kernel memory that happens > to follow it...causing, ahem, undesired behavior. David, can you please also fix it in usr.sbin/ppp/slcompress.c? (if the bug present there) -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199604110732.LAA01702>