Re: Big problem on linux 2.0
Subject: Re: Big problem on linux 2.0
From: Andrea Arcangeli (andrea@SUSE.DE)
Date: Tue Dec 14 1999 - 16:09:36 CST
On Sat, 11 Dec 1999, visi0n wrote:
> In my last mail I'd posted a patch for kernel 2.0.38; that was
>made against a modified socket.c. You need this one for the original kernel
>(2.0.38). Sorry...
>
>
-966,8 +966,9 
> struct msghdr msg;
> struct iovec iov;
>
>- if(len<0)
>+ if(len < 0 || len >= 65468)
> return -EINVAL;
>+
> err=verify_area(VERIFY_READ,buff,len);
> if(err)
> return err;
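Review bot: the new bound in `if(len < 0 || len >= 65468)` is an unexplained literal, and the hunk enforces it in this one function only. Give it a named constant with a comment stating how it is derived (which header and option sizes are subtracted from the 16-bit IP length limit), and place the check where every caller of the transmit path passes through it, so the same `len` cannot arrive unchecked by another route. The added blank `+` line before `err=verify_area(...)` is an unrelated whitespace change and can be dropped.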
The above patch doesn't fix the bug, because you can still use
the other kernel entry points send/sendmsg to feed a big payload
to ip_build_xmit.
Also note that you don't need to restrict to 65467 bytes the max size of a
packet when the ip options are < 40 bytes.
Andrea
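
The two points in the reply above, as an added user-space C model that is not part of the original message or of the kernel source: the limit is computed from the actual IP options length, and it is enforced at one shared point that every entry point reaches. All function names are hypothetical, and the 8-byte transport header is an assumption inferred from 65467 = 65535 - 20 - 40 - 8.

```c
/* User-space model (not kernel code) of a length check placed at the
 * shared transmit path instead of in one syscall entry point. */
#include <errno.h>
#include <stddef.h>

#define IP_TOTAL_MAX 65535 /* 16-bit IP total-length field */
#define IP_HDR_MIN   20    /* IP header without options */
#define IP_OPT_MAX   40    /* maximum IP options length */
#define XPORT_HDR    8     /* assumed transport header size */

/* Largest payload that fits in one IP datagram for this options length.
 * Options are padded to 32-bit words, so other lengths are rejected. */
long max_payload(int opt_len)
{
    if (opt_len < 0 || opt_len > IP_OPT_MAX || (opt_len & 3))
        return -EINVAL;
    return IP_TOTAL_MAX - IP_HDR_MIN - opt_len - XPORT_HDR;
}

/* Hypothetical common sink: every entry point funnels through here,
 * so the bound cannot be skipped by choosing a different syscall. */
int xmit_checked(long len, int opt_len)
{
    long max = max_payload(opt_len);
    if (max < 0)
        return (int)max;
    if (len < 0 || len > max)
        return -EINVAL;  /* same error code the quoted patch returns */
    return 0;            /* the real transmit code would run here */
}

/* Hypothetical stand-ins for the entry points named in the thread. */
int model_sendto(long len, int opt_len) { return xmit_checked(len, opt_len); }
int model_send(long len, int opt_len)   { return xmit_checked(len, opt_len); }

/* sendmsg-style entry: the payload is the sum of several segments. */
int model_sendmsg(const long *iov_lens, size_t n, int opt_len)
{
    long total = 0;
    for (size_t i = 0; i < n; i++) {
        if (iov_lens[i] < 0 || iov_lens[i] > IP_TOTAL_MAX)
            return -EINVAL;  /* also keeps the running sum from overflowing */
        total += iov_lens[i];
        if (total > IP_TOTAL_MAX)
            return -EINVAL;
    }
    return xmit_checked(total, opt_len);
}
```

With 40 bytes of options the limit is 65467, matching the figure in the thread; with no options the same check allows up to 65507.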