Home » Mailing list archives » linux-netdev » 2008 » July » 25

Re: [PATCH 5/6] dccp: Fix incorrect length check for ICMPv4 packets

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Gerrit Renker
Subject: Re: [PATCH 5/6] dccp: Fix incorrect length check for ICMPv4 packets
Date: Friday, July 25, 2008 - 3:25 am

| > -	if (skb->len < (iph->ihl << 2) + 8) {
| > +	if (skb->len < (iph->ihl << 2) + __dccp_basic_hdr_len(dh)) {
| >  		ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
| >  		return;
| >  	}
| 
| You can't dereference "dh" before you know there is even
| space past offset "iph->ihl << 2".  Yet that is what doing
| an unconditional __dccp_basic_hdr_len() call here is going
| to do.
| 
Oh that was my fault. Thanks a lot for pointing this out.

Will work out a fixed/improved version for both patches,
test and then resubmit.

Gerrit
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[net-2.6 PATCH 0/6] dccp: ICMP bug fixes by Wei Yongjun, Gerrit Renker, (Fri Jul 25, 2:02 am)
[PATCH 1/6] dccp: Allow to distinguish original and retran ..., Gerrit Renker, (Fri Jul 25, 2:02 am)
[PATCH 2/6] dccp: Bug-Fix - AWL was never updated, Gerrit Renker, (Fri Jul 25, 2:02 am)
[PATCH 3/6] dccp: Fix sequence number check for ICMPv4 packets, Gerrit Renker, (Fri Jul 25, 2:02 am)
[PATCH 4/6] dccp: Add check for sequence number in ICMPv6 ..., Gerrit Renker, (Fri Jul 25, 2:02 am)
[PATCH 5/6] dccp: Fix incorrect length check for ICMPv4 pa ..., Gerrit Renker, (Fri Jul 25, 2:02 am)
[PATCH 6/6] dccp: Add check for truncated ICMPv6 DCCP erro ..., Gerrit Renker, (Fri Jul 25, 2:02 am)
Re: [PATCH 5/6] dccp: Fix incorrect length check for ICMPv ..., David Miller, (Fri Jul 25, 2:51 am)
Re: [net-2.6 PATCH 0/6] dccp: ICMP bug fixes by Wei Yongjun, David Miller, (Fri Jul 25, 2:52 am)
Re: [PATCH 5/6] dccp: Fix incorrect length check for ICMPv ..., Gerrit Renker, (Fri Jul 25, 3:25 am)
v2 [net-2.6 PATCH 0-4/7] dccp: Revised ICMP bug fixes, Gerrit Renker, (Fri Jul 25, 7:28 am)
[PATCH 5/7] dccp: Pulling 12 bytes is necessary but not su ..., Gerrit Renker, (Fri Jul 25, 7:29 am)
v2 [PATCH 6/7] dccp: Fix incorrect length check for ICMPv4 ..., Gerrit Renker, (Fri Jul 25, 7:30 am)
v2 [PATCH 7/7] dccp: Add check for truncated ICMPv6 DCCP e ..., Gerrit Renker, (Fri Jul 25, 7:31 am)
[pull-request] [net-2.6 PATCH 0/6] dccp: Revised ICMP / le ..., Gerrit Renker, (Sat Jul 26, 4:22 am)
Re: [pull-request] [net-2.6 PATCH 0/6] dccp: Revised ICMP ..., David Miller, (Sun Jul 27, 5:03 am)