Bugtraq mailing list archives
The Linux patch.
From: route () RESENTMENT INFONEXUS COM (G P R)
Date: Fri, 14 Nov 1997 11:06:23 -0800
Regarding the Linux IP fragment problem/exploit/patch:

People have been mailing me, indicating that the patchfile doesn't work. Apparently, in posting it, some additional whitespace got munged in there. To combat this, try:

    cp patchfile /usr/src/linux/net/ipv4
    cd /usr/src/linux/net/ipv4
    patch -l < patchfile

The patch was diffed against a 2.0.31 kernel. It should work on earlier 2.0.x kernels with no problem tho.

If you missed it, here it is again:

------[Begin] -- Helu Linux -------------------------------------------------
--- ip_fragment.c Mon Nov 10 14:58:38 1997 +++ ip_fragment.c.patched Mon Nov 10 19:18:52 1997 @@ -12,6 +12,7 @@ * Alan Cox : Split from ip.c , see ip_input.c for history. * Alan Cox : Handling oversized frames * Uriel Maimon : Accounting errors in two fringe cases. + * route : IP fragment overlap bug */ #include <linux/types.h> @@ -578,6 +579,22 @@ frag_kfree_s(tmp, sizeof(struct ipfrag)); } } + + /* + * Uh-oh. Some one's playing some park shenanigans on us. + * IP fragoverlap-linux-go-b00m bug. + * route 11.3.97 + */ + + if (offset > end) + { + skb->sk = NULL; + printk("IP: Invalid IP fragment (offset > end) found from %s\n", in_ntoa(iph->saddr)); + kfree_skb(skb, FREE_READ); + ip_statistics.IpReasmFails++; + ip_free(qp); + return NULL; + } /* * Insert this fragment in the chain of fragments.
------[End] -- Helu Linux ----------------------------------------------------

EOF

--
human acquiescence is as easily obtained by terror as by temptation
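Review bot: the printk in the new `if (offset > end)` block of the second hunk runs once for every malformed fragment with no rate limit, so a sender who keeps producing such fragments can fill the kernel log at will, and the address printed through in_ntoa(iph->saddr) is taken from the packet header and may be forged. Consider rate-limiting the message or making it conditional on a debug setting, and treat the logged address as a hint rather than attribution. The same block calls ip_free(qp), which discards the whole reassembly queue rather than only the offending fragment; if that is intended, the new comment should say so, since the current comment text does not explain why `offset > end` can occur at this point or why the queue is torn down. The first hunk only adds a changelog credit and needs no change.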