Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Big problem on linux 2.0
From: andrea () SUSE DE (Andrea Arcangeli)
Date: Tue, 14 Dec 1999 23:09:36 +0100


On Sat, 11 Dec 1999, visi0n wrote:

      In my last mail I'd posted a patch for kernel 2.0.38, that  was
made against a modified socket.c you need this one for the original kernel
(2.0.38). Sorry...

@@ -966,8 +966,9 @@
       struct msghdr msg;
       struct iovec iov;

-       if(len<0)
+       if(len < 0 || len >= 65468)
               return -EINVAL;
+
       err=verify_area(VERIFY_READ,buff,len);
       if(err)
               return err;

The above patch doesn't fix the bug, because you can still use
the other kernel entry points send/sendmsg to feed a big payload
ip_build_xmit.

Also note that you don't need to restrict to 65467 bytes the max size of a
packet when the ip options are < 40 bytes.

Andrea


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault