Re: UDP bug in 2.1.74

A.N.Kuznetsov (kuznet@ms2.inr.ac.ru)
Fri, 26 Dec 1997 23:15:08 +0300


In article <199712260830.TAA00214@workaholix.atnf.CSIRO.AU> you wrote:
: Hi, all. Fiddling with some UDP code, I managed to bring my system
: to its knees by calling:
: write (fd, buf, 65534);

Yep :-( :-( It is my fault; please replace len>65535 in udp_sendmsg with
ulen>65535.

Really, it is wrong in any case. You can still kill both 2.1 and, alas,
2.0 too; just do setsockopt(IP_OPTIONS) before the write :-(

The real solution is:

- to replace the "unsigned short" length argument
  in ip_build_xmit with "unsigned".
- to delete all the silly checks in udp.c and raw.c
  of the sort "if (len>SOMETHING) return -EMSGSIZE"; they are wrong in any case.
- to add to ip_output.c:

maxfraglen = ((rt->u.dst.pmtu-sizeof(struct iphdr)) & ~7) + fragheaderlen;
}

+ if (length + fragheaderlen > 0xFFFF)
+ return -EMSGSIZE;
+
/*
* Start at the end of the frame by handling the remainder.
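Review bot: the added `if (length + fragheaderlen > 0xFFFF)` check is only effective together with the first bullet above; while ip_build_xmit still takes `unsigned short length`, the caller's value has already been truncated modulo 65536 before this comparison runs, so an oversized datagram would still pass it. The hunk also has no `@@` header or file/function context, so its position in ip_output.c can only be inferred from the `maxfraglen = ...` context line; a proper header would let it be applied with patch(1).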

It will be the true solution (well, ignoring an unrelated bug that incorrectly
accounts for the options length when IP_HDRINCL is on).

Alexey Kuznetsov
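As an added illustration (not code from the email or the kernel), the three length checks discussed above modelled side by side in C: the 2.1.74 check on the payload alone with the 16-bit truncation in ip_build_xmit, the quick ulen>65535 patch, and the single check on length + fragheaderlen from the hunk. The header sizes, the errno value and the option length are constructed constants; each function returns the IP total length that would reach the wire, or -EMSGSIZE.

```c
#include <stdio.h>
#define EMSGSIZE   90   /* Linux errno for "message too long" */
#define IPHDR_LEN  20u  /* sizeof(struct iphdr) without options */
#define UDPHDR_LEN 8u   /* sizeof(struct udphdr) */

/* 2.1.74 as the email describes it: udp_sendmsg checks the payload alone, then
 * passes len + 8 through ip_build_xmit's `unsigned short` parameter, where it
 * silently wraps modulo 65536. Returns the IP total length or -EMSGSIZE. */
static int udp_send_2_1_74(unsigned len, unsigned ip_opts_len)
{
    if (len > 65535)
        return -EMSGSIZE;
    unsigned short length = (unsigned short)(len + UDPHDR_LEN); /* truncated */
    return (int)(unsigned short)(IPHDR_LEN + ip_opts_len + length); /* tot_len wraps */
}

/* The quick patch from the email (test ulen, not len): the UDP length fits,
 * but IP header + options + UDP can still exceed the 16-bit tot_len field. */
static int udp_send_ulen_check(unsigned len, unsigned ip_opts_len)
{
    unsigned ulen = len + UDPHDR_LEN;
    if (ulen > 65535)
        return -EMSGSIZE;
    return (int)(unsigned short)(IPHDR_LEN + ip_opts_len + ulen); /* tot_len wraps */
}

/* The real solution: ip_build_xmit takes a full `unsigned` length and owns the
 * single check, as the hunk in the email adds it. */
static int ip_build_xmit_check(unsigned length, unsigned fragheaderlen)
{
    if (length + fragheaderlen > 0xFFFF)
        return -EMSGSIZE;
    return (int)(length + fragheaderlen);
}

static int udp_send_fixed(unsigned len, unsigned ip_opts_len)
{
    return ip_build_xmit_check(len + UDPHDR_LEN, IPHDR_LEN + ip_opts_len); /* no check in udp.c */
}

int main(void)
{
    /* Constructed cases: the reporter's 65534-byte write, and a 65500-byte
     * payload that passes the quick patch but overflows with 40 option bytes. */
    printf("len=65534 opts=0:  2.1.74=%d ulen-check=%d fixed=%d\n",
           udp_send_2_1_74(65534, 0), udp_send_ulen_check(65534, 0), udp_send_fixed(65534, 0));
    printf("len=65500 opts=40: 2.1.74=%d ulen-check=%d fixed=%d\n",
           udp_send_2_1_74(65500, 40), udp_send_ulen_check(65500, 40), udp_send_fixed(65500, 40));
    return 0;
}
```

The first case shows the reporter's datagram accepted with a wire length of 26 bytes, the second one shows why checking ulen alone is not enough once IP options are set.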