Re: [PATCH 5/6] dccp: Fix incorrect length check for ICMPv4 packets | KernelTrap

Re: [PATCH 5/6] dccp: Fix incorrect length check for ICMPv4 packets

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Gerrit Renker <gerrit@...>

To: David Miller <davem@...>

Cc: <dccp@...>, <netdev@...>, <yjwei@...>

Subject: Re: [PATCH 5/6] dccp: Fix incorrect length check for ICMPv4 packets

Date: Friday, July 25, 2008 - 6:25 am

| > -	if (skb->len < (iph->ihl << 2) + 8) {
| > +	if (skb->len < (iph->ihl << 2) + __dccp_basic_hdr_len(dh)) {
| >  		ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
| >  		return;
| >  	}
| 
| You can't dereference "dh" before you know there is even
| space past offset "iph->ihl << 2".  Yet that is what doing
| an unconditional __dccp_basic_hdr_len() call here is going
| to do.
| 
Oh that was my fault. Thanks a lot for pointing this out.

Will work out a fixed/improved version for both patches,
test and then resubmit.

Gerrit
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[net-2.6 PATCH 0/6] dccp: ICMP bug fixes by Wei Yongjun, Gerrit Renker, (Fri Jul 25, 5:02 am)

v2 [net-2.6 PATCH 0-4/7] dccp: Revised ICMP bug fixes, Gerrit Renker, (Fri Jul 25, 10:28 am)

[pull-request] [net-2.6 PATCH 0/6] dccp: Revised ICMP / leng..., Gerrit Renker, (Sat Jul 26, 7:22 am)

Re: [pull-request] [net-2.6 PATCH 0/6] dccp: Revised ICMP / ..., David Miller, (Sun Jul 27, 8:03 am)

[PATCH 5/7] dccp: Pulling 12 bytes is necessary but not suff..., Gerrit Renker, (Fri Jul 25, 10:29 am)

v2 [PATCH 6/7] dccp: Fix incorrect length check for ICMPv4 p..., Gerrit Renker, (Fri Jul 25, 10:30 am)

v2 [PATCH 7/7] dccp: Add check for truncated ICMPv6 DCCP err..., Gerrit Renker, (Fri Jul 25, 10:31 am)

Re: [net-2.6 PATCH 0/6] dccp: ICMP bug fixes by Wei Yongjun, David Miller, (Fri Jul 25, 5:52 am)

[PATCH 1/6] dccp: Allow to distinguish original and retransm..., Gerrit Renker, (Fri Jul 25, 5:02 am)

[PATCH 2/6] dccp: Bug-Fix - AWL was never updated, Gerrit Renker, (Fri Jul 25, 5:02 am)

[PATCH 3/6] dccp: Fix sequence number check for ICMPv4 packets, Gerrit Renker, (Fri Jul 25, 5:02 am)

[PATCH 4/6] dccp: Add check for sequence number in ICMPv6 me..., Gerrit Renker, (Fri Jul 25, 5:02 am)

[PATCH 5/6] dccp: Fix incorrect length check for ICMPv4 pack..., Gerrit Renker, (Fri Jul 25, 5:02 am)

Re: [PATCH 5/6] dccp: Fix incorrect length check for ICMPv4 ..., David Miller, (Fri Jul 25, 5:51 am)

Re: [PATCH 5/6] dccp: Fix incorrect length check for ICMPv4 ..., Gerrit Renker, (Fri Jul 25, 6:25 am)

[PATCH 6/6] dccp: Add check for truncated ICMPv6 DCCP error ..., Gerrit Renker, (Fri Jul 25, 5:02 am)

Navigation

Popular discussions


linux-kernel:
Theodore Tso	Re: -mm merge plans for 2.6.23 -- sys_fallocate
Amit K. Arora	[RFC] Heads up on sys_fallocate()
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 011/196] sysfs: Fix a copy-n-paste typo in comment
git:

linux-netdev:
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
David Miller	Re: [GIT]: Networking
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Frans Pop	svc: failed to register lockdv1 RPC service (errno 97).
openbsd-misc:

Colocation donated by:

Who's online

There are currently 1 user and 883 guests online.

Online users

zeekec

Syndicate