Re: [Problem] Linux 2.4.5-ac17 ipt_unclean 'fixes'

Rusty Russell (rusty@rustcorp.com.au)
Mon, 16 Jul 2001 20:28:45 +1000


In message <20010714170021.B1391@dok.org> you write:
> today) but there seems to be a problem with the ipt_unclean fixes by Rusty
> Russell. ANY incoming packets from any interface (ppp0 and eth0) are
> marked as 'unclean' with some variation on the following syslog entry:
>
> Jul 8 23:16:04 paranoia kernel: ipt_unclean: TCP option 3 at 37 too long

Please try this patch which fixes this as well, which is in Linus'
pre-patches.

Rusty.

--
Premature optmztion is rt of all evl. --DK

diff -urN linux-2.4.6/net/ipv4/netfilter/ipt_unclean.c linux-2.4.6-f1/net/ipv4/netfilter/ipt_unclean.c --- linux-2.4.6/net/ipv4/netfilter/ipt_unclean.c Wed Jul 4 21:27:32 2001 +++ linux-2.4.6-f1/net/ipv4/netfilter/ipt_unclean.c Thu Jul 5 19:16:00 2001 @@ -268,6 +268,7 @@ int embedded) { u_int8_t *opt = (u_int8_t *)tcph; + u_int8_t *endhdr = (u_int8_t *)tcph + tcph->doff * 4; u_int8_t tcpflags; int end_of_options = 0; size_t i; @@ -373,7 +374,7 @@ return 0; } /* CHECK: oversize options. */ - else if (opt[i+1] + i >= tcph->doff * 4) { + else if (&opt[i] + opt[i+1] > endhdr) { limpk("TCP option %u at %Zu too long\n", (unsigned int) opt[i], i); return 0; @@ -392,6 +393,7 @@ check_ip(struct iphdr *iph, size_t length, int embedded) { u_int8_t *opt = (u_int8_t *)iph; + u_int8_t *endhdr = (u_int8_t *)iph + iph->ihl * 4; int end_of_options = 0; void *protoh; size_t datalen; @@ -444,7 +446,7 @@ return 0; } /* CHECK: oversize options. */ - else if (opt[i+1] + i > iph->ihl * 4) { + else if (&opt[i] + opt[i+1] > endhdr) { limpk("IP option %u at %u too long\n", opt[i], i); return 0; - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
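Review bot: in the TCP hunk at -373, `&opt[i] + opt[i+1] > endhdr` reads opt[i+1] before anything in the visible lines shows that i+1 is still inside tcph->doff * 4. Please confirm that the preceding branch (the one ending in `return 0; }`) rejects an option kind sitting in the last header byte, or add that check ahead of this one. The move from `>=` to `>` is the actual behaviour change here, since an option that ends exactly at endhdr is now accepted; a one-line comment saying so above the test would keep the next reader from "restoring" the `>=`.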
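Review bot: in the IP hunk at -444, the old test already used `>`, so rewriting it as `&opt[i] + opt[i+1] > endhdr` is equivalent and changes no behaviour; the changelog should say the IP side is a consistency cleanup so nobody assumes it had the same off-by-one as the TCP test. The limpk in this hunk also prints i with `%u` and passes opt[i] uncast, while the TCP message uses `%Zu` and an `(unsigned int)` cast; if i is a size_t here as it is in the TCP function, align the format string and cast with the TCP one.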