Subject: Re: latest ipfilter, IPv6 handling
To: Darren Reed <firstname.lastname@example.org>
From: None <email@example.com>
Date: 03/29/2001 08:12:04
>> >> ip_fil.c:send_reset()
>> >> packet size may possibly overrun mbuf, on certain operating systems
>> >> (like MSIZE == 128 and sizeof(void *) == 8).
>> >huh ?
>> >In send_reset(), it is ONLY IPv6 + TCP.
>> >You're telling me that'll overflow 128 bytes ?!
>> >Likewise, I don't see anything that does anything with "sizeof(void *)"/
>> MHLEN = MSIZE - sizeof(a couple of pointers and integers).
>> TCP header (including option part) can take up to 64 bytes.
>> IPv6 header occupies 40 bytes.
>> if 40 + 64 > MHLEN, you are dead.
>TCP RST's are generated without TCP options and have 20 byte headers.
if I were you I would put
if (MHLEN > 20 + 64)