Displaying 2 results from an estimated 2 matches for "fragment_ipv4_packet".
2018 Oct 10
1
Question about path MTU / segfault
Hi All,
I traced the core dump of a segfaulting tinc (1.1pre16) and found that
the problem occurs when dest->mtu is 0 in
src/route.c:607:fragment_ipv4_packet()
maxlen = (dest->mtu - ether_size - ip_size) & ~0x7;
...
int len = todo > maxlen ? maxlen : todo;
memcpy(DATA(&fragment) + ether_size + ip_size, offset, len);
If dest->mtu is 0, signed int maxlen becomes -40 and is then passed as
unsigned size_t len into memcpy which then segfau...
2010 Sep 20
0
No subject
...t->data =3D from;
+ // from->mtuevent->time =3D now + 1;
+ // event_add(from->mtuevent);
+ //}else
+ send_mtu_probe(from);
+ }
return true;
}
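Review bot: the three added `//` lines ahead of `send_mtu_probe(from);` put commented-out code into the tree, including a dangling `//}else` that makes the brace structure hard to follow. If the deferred `mtuevent` path is not wanted, delete those lines and keep only the `send_mtu_probe(from);` call. If it is meant to come back, say in the commit message why the probe is sent immediately for now.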
diff --git a/src/route.c b/src/route.c
index 1caf738..b1a6389 100644
--- a/src/route.c
+++ b/src/route.c
@@ -317,6 +317,7 @@
static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet) {
struct ip ip;
vpn_packet_t fragment;
+ fragment.flag_bits =3D packet->flag_bits;
int len, maxlen, todo;
uint8_t *offset;
uint16_t ip_off, origf;
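Review bot: the added `fragment.flag_bits = packet->flag_bits;` is a statement placed in the middle of the declaration block, between `vpn_packet_t fragment;` and `int len, maxlen, todo;`. Move it below the last declaration so the declarations stay together and the code still builds with compilers that reject declarations after statements. A short comment saying why the fragment must inherit the original packet's flag bits would also help, since nothing in this hunk documents it.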