2002-09-13 22:03:58

by Jeff DeFouw

Subject: [PATCH] 2.0-2.5 bug in ip_options_compile

While reading about IP options, I found the IPOPT_END padding (cleaning)
in ip_options_compile (net/ipv4/ip_options.c) was not incrementing a
pointer. There should be an optptr++ in the for end-of-block statement
to go along with the l--, otherwise it's just comparing the same byte
for each l. Patch is against 2.4.19. From the kernel source browser
this bug is also in 2.5.31, 2.2.21, and 2.0.39.

--- linux/net/ipv4/ip_options.c.orig 2002-09-13 15:12:24.000000000 -0500
+++ linux/net/ipv4/ip_options.c 2002-09-13 15:12:50.000000000 -0500
@@ -266,7 +266,7 @@
for (l = opt->optlen; l > 0; ) {
switch (*optptr) {
case IPOPT_END:
- for (optptr++, l--; l>0; l--) {
+ for (optptr++, l--; l>0; optptr++, l--) {
if (*optptr != IPOPT_END) {
*optptr = IPOPT_END;
opt->is_changed = 1;
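Review bot: in the `case IPOPT_END:` loop, `optptr` and `l` have to be stepped in lockstep and nothing in the code says so, which is how the increment went missing in the first place. A one-line comment above the inner `for` stating that every remaining byte after the first end-of-list marker is rewritten to `IPOPT_END` (with `opt->is_changed` set) would make the intent checkable by the next reader. Minor style point: `l>0` in the changed line would read better as `l > 0`, matching the outer `for (l = opt->optlen; l > 0; )`.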


--
Jeff DeFouw <[email protected]>
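The effect described in the message above, as a simplified user-space model added here for illustration (not the kernel's code and not part of the original post). The names `scrub_padding` and `residue`, the `advance_ptr` switch and the sample option bytes are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

#define IPOPT_END  0 /* End of Option List (RFC 791) */
#define IPOPT_NOOP 1 /* No Operation (RFC 791) */

/* Simplified model of the option walk: advance_ptr = 0 is the pre-patch loop,
 * 1 the patched one. Returns bytes rewritten to IPOPT_END, or -1 if malformed. */
static int scrub_padding(uint8_t *optptr, size_t l, int advance_ptr)
{
    int changed = 0;
    while (l > 0) {
        if (*optptr == IPOPT_END) {
            for (optptr++, l--; l > 0; l--) {
                if (*optptr != IPOPT_END) {
                    *optptr = IPOPT_END;
                    changed++;
                }
                optptr += advance_ptr; /* the step the patch adds */
            }
            break;
        }
        if (*optptr == IPOPT_NOOP) {
            optptr++, l--;
            continue;
        }
        if (l < 2 || optptr[1] < 2 || optptr[1] > l)
            return -1; /* length byte must cover type+length and fit */
        l -= optptr[1];
        optptr += optptr[1];
    }
    return changed;
}

/* Constructed sample: NOP, a 3-byte option, END, then three stale bytes. */
static const uint8_t sample[] = {IPOPT_NOOP, 0x07, 0x03, 0x04, IPOPT_END, 0xAA, 0xBB, 0xCC};
/* Scrub a copy of the sample; count non-END bytes left after the END at offset 4. */
static int residue(int advance_ptr)
{
    uint8_t buf[sizeof sample];
    int n = 0;
    memcpy(buf, sample, sizeof buf);
    if (scrub_padding(buf, sizeof buf, advance_ptr) < 0) return -1;
    for (size_t i = 5; i < sizeof buf; i++)
        n += buf[i] != IPOPT_END;
    return n;
}

int main(void) { return residue(0) == 2 && residue(1) == 0 ? 0 : 1; }
```

With `advance_ptr = 0` only the byte immediately after the end-of-list marker is ever examined, so the two bytes behind it stay as received; with `advance_ptr = 1` all three are cleared.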


2002-09-13 22:16:36

by David Miller

Subject: Re: [PATCH] 2.0-2.5 bug in ip_options_compile

From: Jeff DeFouw <[email protected]>
Date: Fri, 13 Sep 2002 17:08:38 -0500

While reading about IP options, I found the IPOPT_END padding (cleaning)
in ip_options_compile (net/ipv4/ip_options.c) was not incrementing a
pointer. There should be an optptr++ in the for end-of-block statement
to go along with the l--, otherwise it's just comparing the same byte
for each l. Patch is against 2.4.19. From the kernel source browser
this bug is also in 2.5.31, 2.2.21, and 2.0.39.

Thanks a lot for spotting this, I will add this
to my 2.4.x and 2.5.x trees and merge upstream.

2002-09-13 22:45:49

by David Weinehall

Subject: Re: [PATCH] 2.0-2.5 bug in ip_options_compile

On Fri, Sep 13, 2002 at 03:13:06PM -0700, David S. Miller wrote:
> From: Jeff DeFouw <[email protected]>
> Date: Fri, 13 Sep 2002 17:08:38 -0500
>
> While reading about IP options, I found the IPOPT_END padding (cleaning)
> in ip_options_compile (net/ipv4/ip_options.c) was not incrementing a
> pointer. There should be an optptr++ in the for end-of-block statement
> to go along with the l--, otherwise it's just comparing the same byte
> for each l. Patch is against 2.4.19. From the kernel source browser
> this bug is also in 2.5.31, 2.2.21, and 2.0.39.
>
> Thanks a lot for spotting this, I will add this
> to my 2.4.x and 2.5.x trees and merge upstream.

Thanks. Will be in 2.0.40-rc7.


Regards: David Weinehall
--
/> David Weinehall <[email protected]> /> Northern lights wander <\
// Maintainer of the v2.0 kernel // Dance across the winter sky //
\> http://www.acc.umu.se/~tao/ </ Full colour fire </