buffer overflow in ip_options_echo

From: Alex Lyahkov
Date: Sun Feb 22 2004 - 10:24:55 EST


Hello All

When I tried to do stress testing of my project, I found a strange bug under
high network activity.
In the test, four ab instances were started at the same time, each with 1000 connections.
After 25-60 minutes of testing I found a panic in the network subsystem.
I patched my kernel with kgdb 1.6 and found that:
Program received signal SIGSEGV, Segmentation fault.
0xc0255ad3 in ip_send_reply (sk=0x6e755320, skb=0x3232202c,
arg=0x62654620, len=808464928)
at ip_output.c:982
982 ip_output.c: No such file or directory.
in ip_output.c
(gdb) p replyopts.opt.optlen
$8 = 60 '<'
but the functions reserved 40 bytes for options and it overflows.

--
Alex Lyahkov <shadow@xxxxxxxxx>
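
The length check the report implies, as an added example that is not part of the original message and is not kernel code: an IPv4 header carries at most 40 option bytes (IHL is at most 15 words, or 60 bytes, minus the 20-byte fixed header), so an option length of 60 must be refused before it is copied into a 40-byte area. The struct and function names are hypothetical, and the input bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4_MIN_HDR 20 /* fixed IPv4 header, bytes */
#define IPV4_MAX_OPT 40 /* IHL tops out at 15 words = 60 bytes; 60 - 20 = 40 */

/* Hypothetical reply buffer with a 40-byte option area, as in the report. */
struct reply_opts { uint8_t optlen; uint8_t data[IPV4_MAX_OPT]; };

/* Copy optlen option bytes into dst; 0 on success, -1 if oversized or malformed. */
int copy_options_checked(const uint8_t *opts, size_t optlen, struct reply_opts *dst)
{
    if (optlen > sizeof dst->data)          /* optlen = 60 is refused here */
        return -1;
    for (size_t i = 0; i < optlen; ) {      /* walk the type/length/value list */
        uint8_t type = opts[i];
        if (type == 0) break;               /* End of Option List */
        if (type == 1) { i++; continue; }   /* No-Operation, one byte */
        if (i + 1 >= optlen) return -1;     /* length byte missing */
        uint8_t len = opts[i + 1];
        if (len < 2 || len > optlen - i) return -1; /* overruns option area */
        i += len;
    }
    memcpy(dst->data, opts, optlen);
    dst->optlen = (uint8_t)optlen;
    return 0;
}

/* Derive the option length from a received header's IHL, then copy. */
int echo_options_checked(const uint8_t *pkt, size_t pktlen, struct reply_opts *dst)
{
    if (pktlen < IPV4_MIN_HDR || (pkt[0] >> 4) != 4)
        return -1;
    size_t hdrlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hdrlen < IPV4_MIN_HDR || hdrlen > pktlen)
        return -1;
    return copy_options_checked(pkt + IPV4_MIN_HDR, hdrlen - IPV4_MIN_HDR, dst);
}

int main(void)
{
    uint8_t nops[60];                       /* constructed input: 60 NOP bytes */
    struct reply_opts r;
    memset(nops, 1, sizeof nops);
    printf("optlen 60 -> %d\n", copy_options_checked(nops, 60, &r));
    printf("optlen 40 -> %d\n", copy_options_checked(nops, 40, &r));
    return 0;
}
```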