On Sat, 11 Dec 1999, visi0n wrote:

> In my last mail I'd posted a patch for kernel 2.0.38, that was
>made against a modified socket.c you need this one for the original kernel
>(2.0.38). Sorry...
>
>@@ -966,8 +966,9 @@ > struct msghdr msg; > struct iovec iov; > >- if(len<0) >+ if(len < 0 || len >= 65468) > return -EINVAL; >+ > err=verify_area(VERIFY_READ,buff,len); > if(err) > return err;

The above patch doesn't fix the bug, because you can still use the other kernel entry points send/sendmsg to feed a big payload to ip_build_xmit. Also note that you don't need to restrict to 65467 bytes the max size of a packet when the ip options are < 40 bytes.

Andrea
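
Review bot: the new upper bound in `if(len < 0 || len >= 65468)` is an unexplained magic number placed in a single syscall handler, so the limit is neither documented nor enforced for every caller. Suggest deriving the value in a comment or a named constant (it looks like the 65535-byte IP datagram limit less the transport header and a worst-case IP header with 40 bytes of options, which is an assumption since the hunk does not say), and moving the length check to the common point where the payload is consumed, which the reply identifies as ip_build_xmit, so that send and sendmsg are covered as well. A fixed constant here also rejects lengths that are valid when fewer than 40 bytes of IP options are in use, so the bound is better computed from the actual header length at that point. The added blank `+` line after `return -EINVAL;` is unrelated whitespace and can be dropped.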
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:03 PDT