
Re: kernel/1816: Repeatable crashes of ipfilter code




The others have in_cksum (mostly) in assembly too.

OpenBSD detects the problem just fine, it only chooses to panic instead of
printing a warning and letting it go...  

(initial testing of a patch shows that the length of the pkthdr in the
mbuf and hlen are indeed off by 4, like FreeBSD warned)

--
Cam

On Tue, 8 May 2001, Denis A. Doroshenko wrote:

> it may be because OpenBSD uses assembled in_cksum routine AFAIK. that
> was done to improve performance...
> 
> so if ipfilter itself doesn't perform enough sanity checking, should
> it be placed into in_cksum instead?
> 
> On Tue, May 08, 2001 at 02:31:03PM +0200, Camiel Dobbelaar wrote:
> > 
> > Another piece of the puzzle.
> > 
> > ipfilter is calling in_cksum(mbuf, hlen). Apparently the real length of
> > the mbuf is shorter than hlen. (i.e. not enough data).
> > 
> > in_cksum in OpenBSD is the only one that panics in that situation. FreeBSD
> > and NetBSD just put out a warning.
> > 
> > --
> > Cam
> 
> -- 
> Denis A. Doroshenko  [GPRS/IN/WAP, VAS group engineer] .-.        _|_  |
> [Omnitel Ltd., T.Sevcenkos st. 25, Vilnius, Lithuania] | | _ _  _ .| _ |
> [Phone: +370 9863486 E-mail: d.doroshenko@omnitel.net] |_|| | || |||(/_|_
>
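
An added example, not part of the original thread and not OpenBSD or ipfilter code: a user-space sketch of the condition discussed above, where a checksum routine is asked to cover more bytes (hlen) than the buffer chain holds. The names `struct seg`, `chain_len` and `cksum_checked` are hypothetical, and the header bytes are a constructed sample; the routine reports the mismatch to the caller instead of reading past the data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a kernel mbuf: one data segment of a chain. */
struct seg { struct seg *next; const uint8_t *data; size_t len; };

/* Constructed sample: a 20-byte IPv4 header split 7 + 13 across two segments. */
static const uint8_t hdr[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7
};
static struct seg s2 = { NULL, hdr + 7, 13 };
static struct seg s1 = { &s2, hdr, 7 };

/* Total bytes actually present in the chain. */
static size_t chain_len(const struct seg *m)
{
    size_t total = 0;
    for (; m != NULL; m = m->next)
        total += m->len;
    return total;
}

/* Internet checksum over the first `len` bytes of the chain.
 * Returns 0 and stores the result in *out, or -1 when the chain holds
 * fewer than `len` bytes (the "not enough data" case from the thread). */
static int cksum_checked(const struct seg *m, size_t len, uint16_t *out)
{
    uint32_t sum = 0;
    int odd = 0;                     /* byte parity carried across segments */

    if (len > chain_len(m))
        return -1;                   /* caller passed a bad length: refuse */
    for (; m != NULL && len > 0; m = m->next)
        for (size_t i = 0; i < m->len && len > 0; i++, len--) {
            sum += odd ? m->data[i] : (uint32_t)m->data[i] << 8;
            odd = !odd;
        }
    while (sum >> 16)                /* fold carries into the low 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    *out = (uint16_t)~sum;
    return 0;
}

int main(void)
{
    uint16_t ck = 0;
    printf("hlen=20 -> %d\n", cksum_checked(&s1, 20, &ck)); /* valid header */
    printf("hlen=24 -> %d\n", cksum_checked(&s1, 24, &ck)); /* off by 4 */
    return 0;
}
```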