The Linux patch.

G P R (route@RESENTMENT.INFONEXUS.COM)
Fri, 14 Nov 1997 11:06:23 -0800

Regarding the Linux IP fragment problem/exploit/patch:

People have been mailing me, indicating that the patchfile doesn't work.
Apparently, in posting it, some additional whitespace got munged in
there.

To combat this, try:

cp patchfile /usr/src/linux/net/ipv4
cd /usr/src/linux/net/ipv4
patch -l < patchfile

The patch was diffed against a 2.0.31 kernel. It should work
on earlier 2.0.x kernels with no problem tho. If you missed it, here
it is again:

------[Begin] -- Helu Linux -------------------------------------------------
--- ip_fragment.c Mon Nov 10 14:58:38 1997
+++ ip_fragment.c.patched Mon Nov 10 19:18:52 1997
@@ -12,6 +12,7 @@
* Alan Cox : Split from ip.c , see ip_input.c for history.
* Alan Cox : Handling oversized frames
* Uriel Maimon : Accounting errors in two fringe cases.
+ * route : IP fragment overlap bug
*/

#include <linux/types.h>
@@ -578,6 +579,22 @@
frag_kfree_s(tmp, sizeof(struct ipfrag));
}
}
+
+ /*
+ * Uh-oh. Some one's playing some park shenanigans on us.
+ * IP fragoverlap-linux-go-b00m bug.
+ * route 11.3.97
+ */
+
+ if (offset > end)
+ {
+ skb->sk = NULL;
+ printk("IP: Invalid IP fragment (offset > end) found from %s\n", in_ntoa(iph->saddr));
+ kfree_skb(skb, FREE_READ);
+ ip_statistics.IpReasmFails++;
+ ip_free(qp);
+ return NULL;
+ }

/*
* Insert this fragment in the chain of fragments.
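Review bot: The printk in the new "if (offset > end)" block fires once for every offending fragment with no rate limit, and whoever sends the packet controls the condition, so a remote sender can fill the kernel log at will. IpReasmFails is already incremented on the same path, so consider throttling the message or dropping it and relying on the counter. The comment above the check names the bug but not the invariant being enforced; a line saying why offset must never exceed end at this point in the function would help the next reader. Note also that ip_free(qp) discards the whole reassembly queue on one bad fragment, which is worth stating in the comment as a deliberate choice.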
------[End] -- Helu Linux ----------------------------------------------------

EOF

--
    human acquiescence is as easily obtained by terror as by temptation