author | Sam Roberts <vieuxtech@gmail.com> | 2009-03-06 12:29:41 -0800 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2009-03-06 12:29:41 -0800 |
commit | 14f67cc09cf7c98a871a5e07d699a0d57b2d7747 (patch) | |
tree | cfc561ee29dc84e9ef24b4bc4b93dc5554150e33 /libnet/src/libnet_init.c | |
parent | 9fce425a281857b1e903401256b221f8e97f243a (diff) | |
download | libnet-14f67cc09cf7c98a871a5e07d699a0d57b2d7747.tar.gz |
Bug fixes and reproduction code for ip_offset accounting problem in libnet_build_ipv4
What happens is the ip_offset doesn't get correctly updated, and the checksum
is written into invalid memory. Depending on your architecture, and the
location of invalid memory, you might segv, silently produce packets with bad
checksums or the checksum overwriting some other part of the header, or corrupt
glib's internal alloc data structures.
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418975#47 for more information.
Diffstat (limited to 'libnet/src/libnet_init.c')
-rw-r--r-- | libnet/src/libnet_init.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libnet/src/libnet_init.c b/libnet/src/libnet_init.c index 976b44c..58f4df1 100644 --- a/libnet/src/libnet_init.c +++ b/libnet/src/libnet_init.c @@ -250,6 +250,7 @@ libnet_getpbuf_size(libnet_t *l, libnet_ptag_t ptag) u_int32_t libnet_getpacket_size(libnet_t *l) { + // Why doesn't this return l->total_size? libnet_pblock_t *p; u_int32_t n; |
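Review bot: The line added at the top of libnet_getpacket_size() leaves an open question in the source ("Why doesn't this return l->total_size?") instead of documenting what the function is meant to return, and this hunk changes nothing else in the file. A reader cannot tell from it whether the function's result is expected to equal l->total_size or is known to diverge from it, which matters given that the commit message attributes the bug to offset accounting going wrong. Suggest either stating the intended relationship between the two values, or rewording it as a FIXME that cites the Debian bug from the commit message. Also prefer a /* ... */ comment here, since // comments are not part of C89 and older compilers may reject them.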