Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 451094 Details for
Bug 597792
PAX: size overflow detected in function ipv6_frag_rcv net/ipv6/reassembly.c:223
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
hack.diff
hack.diff (text/plain), 1.13 KB, created by
Alexander Wetzel
on 2016-10-23 12:39:37 UTC
(
hide
)
Description:
hack.diff
Filename:
MIME Type:
Creator:
Alexander Wetzel
Created:
2016-10-23 12:39:37 UTC
Size:
1.13 KB
patch
obsolete
>--- /tmp/reassembly.c 2016-10-23 14:13:28.086253478 +0200 >+++ net/ipv6/reassembly.c 2016-10-22 23:13:52.778959198 +0200 >@@ -211,7 +211,7 @@ > { > struct sk_buff *prev, *next; > struct net_device *dev; >- int offset, end; >+ int offset, end, temp; > struct net *net = dev_net(skb_dst(skb)->dev); > u8 ecn; > >@@ -219,8 +219,14 @@ > goto err; > > offset = ntohs(fhdr->frag_off) & ~0x7; >- end = offset + (ntohs(ipv6_hdr(skb)->payload_len) - >- ((u8 *)(fhdr + 1) - (u8 *)(ipv6_hdr(skb) + 1))); >+ >+ printk ("DDD ip6_frag_queue offset=%x; payload_len=%x; fhdr1=%x; ipv6_hdr=%x\n", offset, ntohs(ipv6_hdr(skb)->payload_len), (u8 *)(fhdr + 1), (u8 *)(ipv6_hdr(skb) + 1)); >+ >+ temp = (u8 *)(fhdr + 1) - (u8 *)(ipv6_hdr(skb) + 1); >+ temp &= 0xff; >+ end = offset + (ntohs(ipv6_hdr(skb)->payload_len) - temp); >+// ((u8 *)(fhdr + 1) - (u8 *)(ipv6_hdr(skb) + 1))); >+ printk ("DDD ip6_frag_queue2 end=%x\n", end); > > if ((unsigned int)end > IPV6_MAXPLEN) { > __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), >@@ -558,7 +564,7 @@ > int ret; > > spin_lock(&fq->q.lock); >- >+ > ret = ip6_frag_queue(fq, skb, fhdr, IP6CB(skb)->nhoff); > > spin_unlock(&fq->q.lock);
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 597792
:
451036
| 451094 |
451096
|
451098
|
451160