Project

General

Profile

Actions

Bug #1154

closed

fix ip_input m_len assertion

Added by sepherosa about 16 years ago. Updated about 16 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Hi all,

Following patch fixes:
- The assertion in ip_input, should test sizeof(struct ip) instead of sizeof(ip)
- Make sure that ip_input's precondition meets in ip_localforward
- Don't allow raw ip socket to send ip packet whose header length is
less than the minimum

http://leaf.dragonflybsd.org/~sephe/ip_assert.diff

Please test/review.

Best Regards,
sephe

Actions #1

Updated by nthery about 16 years ago

The diff looks fine to me (but I don't know much about networking).

Out of curiosity in ip_localforward(), how can the packet be freed
while we are trying to forward it?

+ /* The packet was freed; we are done */

Cheers,
Nicolas

Actions #2

Updated by sepherosa about 16 years ago

Above comment is in following code block:
+ if (m->m_len < hlen) {
+ m = m_pullup(m, hlen);
+ if (m == NULL) {
+ /* The packet was freed; we are done */
+ return 1;
+ }
+ }

If m_pullup failed ('m' is freed), then we lost the mbuf, so we could
not return 0 to let ip_output keep going.

Best Regards,
sephe

Actions #3

Updated by aoiko about 16 years ago

committed by sephe@

Actions

Also available in: Atom PDF