patch-2.2.7 linux/net/ipv4/ip_fw.c
Next file: linux/net/ipv4/ip_input.c
Previous file: linux/net/ipv4/af_inet.c
Back to the patch index
Back to the overall index
- Lines: 20
- Date:
Thu Apr 22 19:45:19 1999
- Orig file:
v2.2.6/linux/net/ipv4/ip_fw.c
- Orig date:
Wed Jan 13 15:00:44 1999
diff -u --recursive --new-file v2.2.6/linux/net/ipv4/ip_fw.c linux/net/ipv4/ip_fw.c
@@ -32,6 +32,8 @@
* 3-Jan-1999: Fixed serious procfs security hole -- users should never
* be allowed to view the chains!
* Marc Santoro <ultima@snicker.emoti.com>
+ * 29-Jan-1999: Locally generated bogus IPs dealt with, rather than crash
+ * during dump_packet. --RR.
*/
/*
@@ -1660,6 +1662,10 @@
int ipfw_output_check(struct firewall_ops *this, int pf, struct device *dev,
void *phdr, void *arg, struct sk_buff **pskb)
{
+ /* Locally generated bogus packets by root. <SIGH>. */
+ if (((struct iphdr *)phdr)->ihl * 4 < sizeof(struct iphdr)
+ || (*pskb)->len < sizeof(struct iphdr))
+ return FW_ACCEPT;
return ip_fw_check(phdr, dev->name,
arg, IP_FW_OUTPUT_CHAIN, *pskb, SLOT_NUMBER(), 0);
}
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)