diff options
author | Ralf Baechle <ralf@linux-mips.org> | 1999-06-13 16:29:25 +0000 |
---|---|---|
committer | Ralf Baechle <ralf@linux-mips.org> | 1999-06-13 16:29:25 +0000 |
commit | db7d4daea91e105e3859cf461d7e53b9b77454b2 (patch) | |
tree | 9bb65b95440af09e8aca63abe56970dd3360cc57 /net/ipv4/ip_fw.c | |
parent | 9c1c01ead627bdda9211c9abd5b758d6c687d8ac (diff) |
Merge with Linux 2.2.8.
Diffstat (limited to 'net/ipv4/ip_fw.c')
-rw-r--r-- | net/ipv4/ip_fw.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/net/ipv4/ip_fw.c b/net/ipv4/ip_fw.c index cf2731df1..f3dbafc04 100644 --- a/net/ipv4/ip_fw.c +++ b/net/ipv4/ip_fw.c @@ -32,6 +32,8 @@ * 3-Jan-1999: Fixed serious procfs security hole -- users should never * be allowed to view the chains! * Marc Santoro <ultima@snicker.emoti.com> + * 29-Jan-1999: Locally generated bogus IPs dealt with, rather than crash + * during dump_packet. --RR. */ /* @@ -1660,6 +1662,10 @@ int ipfw_input_check(struct firewall_ops *this, int pf, struct device *dev, int ipfw_output_check(struct firewall_ops *this, int pf, struct device *dev, void *phdr, void *arg, struct sk_buff **pskb) { + /* Locally generated bogus packets by root. <SIGH>. */ + if (((struct iphdr *)phdr)->ihl * 4 < sizeof(struct iphdr) + || (*pskb)->len < sizeof(struct iphdr)) + return FW_ACCEPT; return ip_fw_check(phdr, dev->name, arg, IP_FW_OUTPUT_CHAIN, *pskb, SLOT_NUMBER(), 0); } |