patch-2.2.11 linux/net/ipv4/ip_fw.c


diff -u --recursive --new-file v2.2.10/linux/net/ipv4/ip_fw.c linux/net/ipv4/ip_fw.c
@@ -37,6 +37,9 @@
  * 19-May-1999: Star Wars: The Phantom Menace opened.  Rule num
  *		printed in log (modified from Michael Hasenstein's patch).
  *		Added SYN in log message. --RR
+ * 23-Jul-1999: Fixed small fragment security exposure opened on 15-May-1998.
+ *              John McDonald <jm@dataprotect.com>
+ *              Thomas Lopatic <tl@dataprotect.com>
  */
 
 /*
@@ -645,6 +648,18 @@
 			size_req = 0;
 		}
 		offset = (ntohs(ip->tot_len) < (ip->ihl<<2)+size_req);
+
+		/* If it is a truncated first fragment then it can be
+		 * used to rewrite port information, and thus should
+		 * be blocked.
+		 */
+		if (offset && (ntohs(ip->frag_off) & IP_MF)) {
+			if (!testing && net_ratelimit()) {
+				printk("Suspect short first fragment.\n");
+				dump_packet(ip,rif,NULL,NULL,0,0,0,0);
+			}
+			return FW_BLOCK;
+		}
 	}
 
 	src = ip->saddr;
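Review bot: The new guard `if (offset && (ntohs(ip->frag_off) & IP_MF))` reads as "fragment offset is non-zero and more fragments follow", but at this point `offset` has just been overwritten on the preceding line with the boolean `ntohs(ip->tot_len) < (ip->ihl<<2)+size_req`, so the condition actually means "header too short to hold the port fields and more fragments follow"; the variable doing double duty is the kind of thing that makes the next reader misjudge what is blocked. A one-line comment on the guard, `/* 'offset' is now the header-truncated flag computed above, not the fragment offset */`, or a separate `int truncated` local for the comparison would make the intent explicit. The `printk("Suspect short first fragment.\n")` carries no KERN_* log level; if the rest of this file prefixes its printk calls with a level, this one should match. The enclosing function and the block this sits in both start before and end after the hunk, so the declaration of `offset` and the condition that selects first fragments are not visible here.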
