| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Jan 2008 07:09:22 +0100 From: Patrick McHardy <kaber@...sh.net> To: Herbert Xu <herbert@...dor.apana.org.au> CC: Al Viro <viro@...IV.linux.org.uk>, m.kozlowski@...land.pl, davem@...emloft.net, sparclinux@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: sparc oops in ip_fast_csum Herbert Xu wrote: > Patrick, please have a look at the former. In fact it's not just > that ihl may be bogus (which might be harmless as long as the REJECT > hook only gets called from within the IP stack), I think REJECT would > also do the wrong thing if the packet had IP options. So perhaps we > should just make it create a packet from scratch rather than being > too clever in reusing the old one. We currently silently drop packets with IP options in the reject target. The length check should be fine since its only called through the IP stack or bridge netfilter, which replicates the IP stack checks. But I agree to your suggestion, that will allow us to properly handle packets with IP options. I'll take care of this. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists