diff options
author | Joel Sherrill <joel.sherrill@OARcorp.com> | 2005-05-20 18:56:42 +0000 |
---|---|---|
committer | Joel Sherrill <joel.sherrill@OARcorp.com> | 2005-05-20 18:56:42 +0000 |
commit | 4e8c729f7fad78eaef465f0b49abc853c8bdd966 (patch) | |
tree | 88de71fd53b2a54bb4612ced99fe77a7076b1cee /cpukit/libnetworking/netinet | |
parent | 2005-05-20 Ralf Corsepius <ralf.corsepius@rtems.org> (diff) | |
download | rtems-4e8c729f7fad78eaef465f0b49abc853c8bdd966.tar.bz2 |
2005-05-20 Eric Norum <norume@aps.anl.gov>
PR 793/networking
* libnetworking/netinet/ip_icmp.c: Malicious ICMP packet causes panic.
Just ignore it.
Diffstat (limited to 'cpukit/libnetworking/netinet')
-rw-r--r-- | cpukit/libnetworking/netinet/ip_icmp.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/cpukit/libnetworking/netinet/ip_icmp.c b/cpukit/libnetworking/netinet/ip_icmp.c index ef3779c0cb..39020162b5 100644 --- a/cpukit/libnetworking/netinet/ip_icmp.c +++ b/cpukit/libnetworking/netinet/ip_icmp.c @@ -138,6 +138,10 @@ icmp_error(n, type, code, dest, destifp) /* Don't send error in response to a multicast or broadcast packet */ if (n->m_flags & (M_BCAST|M_MCAST)) goto freeit; + /* Don't send error in response to malicious packet */ + icmplen = min(oiplen + 8, oip->ip_len); + if (icmplen < sizeof(struct ip)) + goto freeit; /* * First, formulate icmp message */ @@ -147,9 +151,6 @@ icmp_error(n, type, code, dest, destifp) #ifdef MAC mac_create_mbuf_netlayer(n, m); #endif - icmplen = min(oiplen + 8, oip->ip_len); - if (icmplen < sizeof(struct ip)) - panic("icmp_error: bad length"); m->m_len = icmplen + ICMP_MINLEN; MH_ALIGN(m, m->m_len); icp = mtod(m, struct icmp *); |