chiark / gitweb /
netlink: fix IP length check (SECURITY)
authorIan Jackson <ijackson@chiark.greenend.org.uk>
Sun, 13 Apr 2014 23:45:35 +0000 (00:45 +0100)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Thu, 24 Apr 2014 01:32:45 +0000 (02:32 +0100)
This would erroneously abort on some very short packets.

This is a DoS vulnerability, exposed to internal sites only.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
debian/changelog
netlink.c

index fe6caae..46645f4 100644 (file)
@@ -9,6 +9,7 @@ secnet (0.3.1~~unstable) unstable; urgency=low
   * SECURITY: Fixes to MTU and fragmentation handling.
   * SECURITY: Correctly set "unused" ICMP header field.
   * Do not send ICMP errors in response to unknown incoming ICMP.
+  * SECURITY: Fix IP length check not to crash on very short packets.
 
  --
 
index 2c3d12d..787f4eb 100644 (file)
--- a/netlink.c
+++ b/netlink.c
@@ -831,7 +831,7 @@ static void netlink_incoming(struct netlink *st, struct netlink_client *client,
        BUF_FREE(buf);
        return;
     }
-    assert(buf->size >= (int)sizeof(struct icmphdr));
+    assert(buf->size >= (int)sizeof(struct iphdr));
     iph=(struct iphdr *)buf->start;
 
     source=ntohl(iph->saddr);