diff options
| author | fenner <fenner@FreeBSD.org> | 1996-10-25 17:57:53 +0000 |
|---|---|---|
| committer | fenner <fenner@FreeBSD.org> | 1996-10-25 17:57:53 +0000 |
| commit | aa424264765815c0b549bb0ef4fb82799a34c350 (patch) | |
| tree | 3befa5b07bb47bd5b8369c3bd655d60f74ea009c /sys/netinet/ip_input.c | |
| parent | ccd3ba3727691f91198db0cc85afabfd9e88a1ea (diff) | |
| download | FreeBSD-src-aa424264765815c0b549bb0ef4fb82799a34c350.zip FreeBSD-src-aa424264765815c0b549bb0ef4fb82799a34c350.tar.gz | |
Don't allow reassembly to create packets bigger than IP_MAXPACKET, and count
attempts to do so.
Don't allow users to source packets bigger than IP_MAXPACKET.
Make UDP length and ipovly's protocol length unsigned short.
Reviewed by: wollman
Submitted by: (partly by) kml@nas.nasa.gov (Kevin Lahey)
Diffstat (limited to 'sys/netinet/ip_input.c')
| -rw-r--r-- | sys/netinet/ip_input.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index d5c904d..cfe1d4a 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 - * $Id: ip_input.c,v 1.48 1996/10/07 19:21:45 wollman Exp $ + * $Id: ip_input.c,v 1.49 1996/10/22 22:25:58 sos Exp $ * $ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $ */ @@ -646,7 +646,17 @@ insert: return (0); /* - * Reassembly is complete; concatenate fragments. + * Reassembly is complete. Make sure the packet is a sane size. + */ + if (next + (IP_VHL_HL(((struct ip *)fp->ipq_next)->ip_vhl) << 2) + > IP_MAXPACKET) { + ipstat.ips_toolong++; + ip_freef(fp); + return (0); + } + + /* + * Concatenate fragments. */ q = fp->ipq_next; m = dtom(q); |
