Re: Big problem on linux 2.0

From: Andrea Arcangeli (andreaat_private)
Date: Tue Dec 14 1999 - 14:09:36 PST


    On Sat, 11 Dec 1999, visi0n wrote:
    
    >	In my last mail I posted a patch for kernel 2.0.38 that was made
    >against a modified socket.c; you need this one for the original kernel
    >(2.0.38). Sorry...
    >
    >@@ -966,8 +966,9 @@
    >        struct msghdr msg;
    >        struct iovec iov;
    >
    >-       if(len<0)
    >+       if(len < 0 || len >= 65468)
    >                return -EINVAL;
    >+
    >        err=verify_area(VERIFY_READ,buff,len);
    >        if(err)
    >                return err;
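    Review bot: the new bound `len >= 65468` is applied only in this one entry point, yet the other socket entry points that reach the same lower-level code (send/sendmsg) are left with the original `len<0` check, so the oversize payload can still be submitted through them; the check belongs where all paths converge, not in a single syscall. A second point: 65468 is an unexplained magic number (it corresponds to 65535 minus a 20-byte IP header, a full 40 bytes of IP options and an 8-byte UDP header), so it rejects packets that would fit when the socket carries fewer than 40 bytes of options; either derive the limit from the actual options length or at least comment where the constant comes from.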
    
    The above patch doesn't fix the bug, because you can still use
    the other kernel entry points send/sendmsg to feed a big payload to
    ip_build_xmit.
    
    Also note that you don't need to restrict the max size of a packet to
    65467 bytes when the ip options are < 40 bytes.
    
    Andrea
    
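    The two points raised in the reply (a length check placed in one syscall is bypassed by the others, and a fixed bound wastes room when the IP options are shorter than the 40-byte maximum) can be shown with a small userland model. The following is an added example written for this archive page; it is not Linux 2.0 kernel code, and every function and struct name in it (patched_sendto, fixed_send, build_xmit_unchecked, struct sock_model, and so on) is an invented stand-in for the real sys_send/sys_sendto/sys_sendmsg and ip_build_xmit paths. Only the header sizes (65535-byte IP total length, 20-byte IP header, up to 40 bytes of options, 8-byte UDP header) are real.

```c
/* Added example: toy model of the length checks discussed in the thread.
 * Not kernel code; the names are hypothetical stand-ins. */
#include <stdio.h>
#include <errno.h>

#define IP_MAX_TOTAL 65535   /* 16-bit IP total-length field */
#define IP_MIN_HDR   20      /* IP header without options */
#define IP_MAX_OPTS  40      /* largest IP options area */
#define UDP_HDR      8

/* Result code meaning "an oversized datagram reached the lower layer",
 * i.e. the failure mode the patch was supposed to prevent. */
#define REACHED_LOWER_LAYER 1

/* Model of the per-socket state that matters here: bytes of IP options. */
struct sock_model {
    int optlen;
};

/* Largest UDP payload that still fits in one IP datagram carrying
 * optlen bytes of options.  With no options this is 65507; with the
 * full 40 bytes it is 65467, the figure quoted in the thread. */
int max_udp_payload(int optlen)
{
    return IP_MAX_TOTAL - IP_MIN_HDR - optlen - UDP_HDR;
}

/* Stand-in for an ip_build_xmit that trusts its caller.  Returns 0 when
 * the datagram fits and REACHED_LOWER_LAYER when the caller let an
 * oversized length through. */
int build_xmit_unchecked(const struct sock_model *sk, int len)
{
    if (len > max_udp_payload(sk->optlen))
        return REACHED_LOWER_LAYER;
    return 0;
}

/* --- the posted patch, modelled: the bound lives in sendto only ------- */

int patched_sendto(const struct sock_model *sk, int len)
{
    if (len < 0 || len >= 65468)          /* the hunk's constant bound */
        return -EINVAL;
    return build_xmit_unchecked(sk, len);
}

int patched_send(const struct sock_model *sk, int len)
{
    if (len < 0)                          /* untouched entry point */
        return -EINVAL;
    return build_xmit_unchecked(sk, len); /* big payload goes straight down */
}

/* --- the alternative the reply implies: check once, at the choke point -- */

/* Stand-in for a lower layer that bounds the payload against the socket's
 * actual options length, so every entry point above it is covered and a
 * socket with few options is not limited to 65467 bytes. */
int build_xmit_checked(const struct sock_model *sk, int len)
{
    if (len < 0)
        return -EINVAL;
    if (len > max_udp_payload(sk->optlen))
        return -EMSGSIZE;
    return 0;
}

int fixed_send(const struct sock_model *sk, int len)    { return build_xmit_checked(sk, len); }
int fixed_sendto(const struct sock_model *sk, int len)  { return build_xmit_checked(sk, len); }
int fixed_sendmsg(const struct sock_model *sk, int len) { return build_xmit_checked(sk, len); }

int main(void)
{
    struct sock_model no_opts = { 0 }, full_opts = { IP_MAX_OPTS };

    printf("patched sendto, 70000 bytes : %d (rejected at entry)\n",
           patched_sendto(&no_opts, 70000));
    printf("patched send,   70000 bytes : %d (reached lower layer)\n",
           patched_send(&no_opts, 70000));
    printf("fixed send,     70000 bytes : %d (rejected at choke point)\n",
           fixed_send(&no_opts, 70000));
    printf("fixed sendto,   65507 bytes, no options   : %d (fits)\n",
           fixed_sendto(&no_opts, 65507));
    printf("fixed sendto,   65507 bytes, 40B options  : %d (too big)\n",
           fixed_sendto(&full_opts, 65507));
    return 0;
}
```

The model makes the reply's two observations concrete: patched_send lets the same 70000-byte payload through that patched_sendto rejects, while the choke-point version rejects it on every path and still accepts a 65507-byte payload on a socket without options, where the hunk's constant would have refused anything above 65467.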



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:03 PDT