Subject: Re: uipc_socket.c
To: der Mouse <mouse@Holo.Rodents.Montreal.QC.CA>
From: Michael Graff <explorer@flame.org>
List: tech-kern
Date: 08/14/1996 21:32:34

der Mouse <mouse@Holo.Rodents.Montreal.QC.CA> writes:
> If that changes the outgoing packet, then I for one ask that you - or
> whoever addresses the problem - find some other way of fixing it; I
> want to be able to send packets with "illegal" values in them.
> (Indeed, sending packets full of completely random data except for a
> few chosen things like, say, ip_dst and ip_proto is a wonderful way to
> find bugs in protocol stacks.)

No, it changes nothing about the protocol stack at all. All the fix
to uipc_socket.c does is copy the length of data at the correct time.

However, I don't agree that we should allow "bad" packets to be transmitted
using sendto(). IMHO, if you are going to do this, use BPF directly.

Right now, although I have not verified this, any raw-mode socket can
crash the machine by setting the field ip->ip_len to be greater than the
data in the mbuf chain. This is _wrong_ and will cause a kernel panic.
IMHO, this is a bug, and should not be allowed...

--Michael
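
The consistency check the message argues for, comparing ip_len with the bytes actually present in the buffer chain, as an added user-space example that is not part of the original message or of the NetBSD source. `struct buf`, `check_ip_len` and `demo` are hypothetical names, and the example assumes ip_len is read in network byte order and that the first link holds the whole 20-byte header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for an mbuf chain: each link holds a slice of the packet. */
struct buf { const uint8_t *data; size_t len; const struct buf *next; };
enum len_check { LEN_OK, LEN_SHORT_HDR, LEN_BAD_HL, LEN_BELOW_HDR, LEN_EXCEEDS_DATA };

static size_t chain_len(const struct buf *b)
{
    size_t total = 0;
    for (; b != NULL; b = b->next)
        total += b->len;
    return total;
}

/* Compare the header's length fields with the data really in the chain.
 * Assumption: the first link holds the fixed 20-byte header contiguously. */
static enum len_check check_ip_len(const struct buf *pkt)
{
    size_t total = chain_len(pkt);
    if (pkt == NULL || pkt->len < 20)
        return LEN_SHORT_HDR;
    size_t hlen = (size_t)(pkt->data[0] & 0x0f) * 4;   /* ip_hl, in 32-bit words */
    if (hlen < 20 || hlen > total)
        return LEN_BAD_HL;
    size_t ip_len = ((size_t)pkt->data[2] << 8) | pkt->data[3];
    if (ip_len < hlen)
        return LEN_BELOW_HDR;
    if (ip_len > total)
        return LEN_EXCEEDS_DATA;   /* header claims more than the chain holds */
    return LEN_OK;
}

/* Constructed sample: 20-byte header plus 8 payload bytes in a second link. */
static enum len_check demo(uint16_t claimed_len)
{
    uint8_t hdr[20] = { 0x45, 0, (uint8_t)(claimed_len >> 8), (uint8_t)claimed_len };
    static const uint8_t payload[8] = { 0 };
    struct buf tail = { payload, sizeof payload, NULL };
    struct buf head = { hdr, sizeof hdr, &tail };
    return check_ip_len(&head);
}

int main(void)
{
    printf("ip_len=28 -> %d, ip_len=1500 -> %d\n", demo(28), demo(1500));
    return 0;
}
```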