From: Patrick McHardy <[EMAIL PROTECTED]>
Date: Mon, 14 Jan 2008 07:09:22 +0100
> But I agree to your suggestion, that will allow us to properly
> handle packets with IP options. I'll take care of this.
Thanks a lot Patrick.
--
To unsubscribe from this list: send the line "unsubscribe
Herbert Xu wrote:
Patrick, please have a look at the former. In fact it's not just
that ihl may be bogus (which might be harmless as long as the REJECT
hook only gets called from within the IP stack), I think REJECT would
also do the wrong thing if the packet had IP options. So perhaps we
Herbert Xu wrote:
Patrick, please have a look at the former. In fact it's not just
that ihl may be bogus (which might be harmless as long as the REJECT
hook only gets called from within the IP stack), I think REJECT would
also do the wrong thing if the packet had IP options. So perhaps we
From: Patrick McHardy [EMAIL PROTECTED]
Date: Mon, 14 Jan 2008 07:09:22 +0100
But I agree to your suggestion, that will allow us to properly
handle packets with IP options. I'll take care of this.
Thanks a lot Patrick.
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
From: Herbert Xu <[EMAIL PROTECTED]>
Date: Sun, 06 Jan 2008 11:22:04 +1100
> [IPV4] raw: Strengthen check on validity of iph->ihl
>
> We currently check that iph->ihl is bounded by the real length and that
> the real length is greater than the minimum IP header length. However,
> we did not
On Sun, Jan 06, 2008 at 02:02:14AM +, Al Viro wrote:
>
> E.g. what about ipt_REJECT.c::send_reset()? Or myri10ge_get_frag_header()?
Yes both look wrong.
Patrick, please have a look at the former. In fact it's not just
that ihl may be bogus (which might be harmless as long as the REJECT
On Sun, Jan 06, 2008 at 11:22:04AM +1100, Herbert Xu wrote:
> Actually if you read the code for ip_fast_csum it's obvious what has
> happened. %o1 == iph->ihl contains the value 2 which is bogus.
>
> [IPV4] raw: Strengthen check on validity of iph->ihl
>
> We currently check that iph->ihl is
On Sun, Jan 06, 2008 at 01:57:13AM +0100, Jan Engelhardt wrote:
>
> >@@ -304,7 +305,8 @@ static int raw_send_hdrinc(struct sock *sk, void *from,
> >size_t length,
> > goto error_fault;
> >
> > /* We don't modify invalid header */
> >-if (length >= sizeof(*iph) && iph->ihl *
On Jan 6 2008 11:22, Herbert Xu wrote:
>@@ -271,6 +271,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from,
>size_t length,
> int hh_len;
> struct iphdr *iph;
> struct sk_buff *skb;
>+ unsigned int iphlen;
> int err;
>
> if (length >
Al Viro <[EMAIL PROTECTED]> wrote:
>
> ip_fast_csum() called from raw_send_hdrinc() from raw_sendmsg() ran through
> the page boundary into unmapped page... Bloody odd, that, seeing that
> we have checked iph->ihl * 4U <= length and had done
>err = memcpy_fromiovecend((void *)iph, from,
On Fri, Jan 04, 2008 at 06:37:36PM +0100, Mariusz Kozlowski wrote:
> Hello,
>
> This comes from the Linus latest linux-2.6 tree. Randomly happened.
> Can't reproduce that. More info below.
ip_fast_csum() called from raw_send_hdrinc() from raw_sendmsg() ran through
the page boundary into
On Fri, Jan 04, 2008 at 06:37:36PM +0100, Mariusz Kozlowski wrote:
Hello,
This comes from the Linus latest linux-2.6 tree. Randomly happened.
Can't reproduce that. More info below.
ip_fast_csum() called from raw_send_hdrinc() from raw_sendmsg() ran through
the page boundary into
Al Viro [EMAIL PROTECTED] wrote:
ip_fast_csum() called from raw_send_hdrinc() from raw_sendmsg() ran through
the page boundary into unmapped page... Bloody odd, that, seeing that
we have checked iph-ihl * 4U = length and had done
err = memcpy_fromiovecend((void *)iph, from, 0,
On Jan 6 2008 11:22, Herbert Xu wrote:
@@ -271,6 +271,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from,
size_t length,
int hh_len;
struct iphdr *iph;
struct sk_buff *skb;
+ unsigned int iphlen;
int err;
if (length rt-u.dst.dev-mtu) {
@@
On Sun, Jan 06, 2008 at 01:57:13AM +0100, Jan Engelhardt wrote:
@@ -304,7 +305,8 @@ static int raw_send_hdrinc(struct sock *sk, void *from,
size_t length,
goto error_fault;
/* We don't modify invalid header */
-if (length = sizeof(*iph) iph-ihl * 4U = length) {
+
On Sun, Jan 06, 2008 at 11:22:04AM +1100, Herbert Xu wrote:
Actually if you read the code for ip_fast_csum it's obvious what has
happened. %o1 == iph-ihl contains the value 2 which is bogus.
[IPV4] raw: Strengthen check on validity of iph-ihl
We currently check that iph-ihl is bounded by
On Sun, Jan 06, 2008 at 02:02:14AM +, Al Viro wrote:
E.g. what about ipt_REJECT.c::send_reset()? Or myri10ge_get_frag_header()?
Yes both look wrong.
Patrick, please have a look at the former. In fact it's not just
that ihl may be bogus (which might be harmless as long as the REJECT
hook
From: Herbert Xu [EMAIL PROTECTED]
Date: Sun, 06 Jan 2008 11:22:04 +1100
[IPV4] raw: Strengthen check on validity of iph-ihl
We currently check that iph-ihl is bounded by the real length and that
the real length is greater than the minimum IP header length. However,
we did not check the
Hello,
This comes from the Linus latest linux-2.6 tree. Randomly happened.
Can't reproduce that. More info below.
Unable to handle kernel paging request at virtual address be286000
tsk->{mm,active_mm}->context = 0eae
tsk->{mm,active_mm}->pgd = f800be0e4000
Hello,
This comes from the Linus latest linux-2.6 tree. Randomly happened.
Can't reproduce that. More info below.
Unable to handle kernel paging request at virtual address be286000
tsk-{mm,active_mm}-context = 0eae
tsk-{mm,active_mm}-pgd = f800be0e4000
20 matches
Mail list logo