Re: [andrewg@tasmail.com: remote memory reading through tcp/icmp]

Russell King (rmk@arm.linux.org.uk)
Mon, 21 Jan 2002 14:14:36 +0000

On Sun, Jan 20, 2002 at 06:43:18PM -0800, David S. Miller wrote:
> From: Dave Jones <davej@suse.de>
> Date: Mon, 21 Jan 2002 03:12:11 +0100
>
> On Sun, Jan 20, 2002 at 05:52:04PM -0800, David S. Miller wrote:
> > - icmp_param.offset=skb_in->nh.raw - skb_in->data;
> > + icmp_param.offset=skb_in->data - skb_in->nh.raw;
>
> With this fix, I'm seeing lots of really strange things happen.
> When eth0 comes up, the box slows down to a crawl.
> 5 minutes later when it gets to starting NIS, the
> broadcast address is bombed with portmap connections.
>
> Andi?

I've also seen:

127.0.0.1 sent an invalid ICMP error to a broadcast.

from the ipv4 stack after fixing these as per the Andi's patch. I'm not
certain what's causing it; it only happens while the box is coming up.

In addition, there was another case in the icmp6 code that Andi confirmed
last night:

--- ref/net/ipv6/icmp.c Fri Oct 5 17:53:04 2001
+++ linux/net/ipv6/icmp.c Sun Jan 20 23:05:01 2002
@@ -258,7 +258,7 @@
{
u8 optval;

- offset += skb->nh.raw - skb->data;
+ offset += skb->data - skb->nh.raw;
if (skb_copy_bits(skb, offset, &optval, 1))
return 1;
return (optval&0xC0) == 0x80;

(another mail will be following this one with another patch...)

-- 
Russell King (rmk@arm.linux.org.uk)                The developer of ARM Linux
             http://www.arm.linux.org.uk/personal/aboutme.html


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/