2018 Oct 10
Question about path MTU / segfault
Hi All,
I traced the core dump of a segfaulting tinc (1.1pre16) and found that
the problem occurs when dest->mtu is 0 in
src/route.c:607:fragment_ipv4_packet()
maxlen = (dest->mtu - ether_size - ip_size) & ~0x7;
...
int len = todo > maxlen ? maxlen : todo;
memcpy(DATA(&fragment) + ether_size + ip_size, offset, len);
If dest->mtu is 0, signed int maxlen becomes -40 and is then passed as
unsigned size_t len into memcpy which then segfaults.
Elsewhere in the code, the mtu value is alw...
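
The arithmetic described in the post, as an added example that is not part of the original message and is not tinc's code or its fix. It assumes a 14-byte Ethernet header and a 20-byte IPv4 header (consistent with the -40 reported above); maxlen_checked() and fragment_count() are hypothetical helpers showing one possible lower-bound check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed header sizes: 14 + 20 reproduces the -40 reported in the post. */
enum { ETHER_SIZE = 14, IP_SIZE = 20 };

/* The computation quoted in the post, unchanged: no lower bound on mtu. */
static int maxlen_unchecked(int mtu) {
    return (mtu - ETHER_SIZE - IP_SIZE) & ~0x7;
}

/* What memcpy() receives when a negative int is converted to size_t. */
static size_t as_memcpy_len(int len) {
    return (size_t)len;
}

/* Hypothetical guard: returns 0 and sets *maxlen only if at least one
 * 8-byte fragment unit fits; returns -1 so the caller can drop the packet. */
static int maxlen_checked(int mtu, int *maxlen) {
    int room = mtu - ETHER_SIZE - IP_SIZE;
    if (room < 8) return -1;
    *maxlen = room & ~0x7;
    return 0;
}

/* Count fragments needed for `todo` payload bytes, or -1 if mtu is unusable. */
static int fragment_count(int mtu, int todo) {
    int maxlen;
    if (maxlen_checked(mtu, &maxlen) != 0) return -1;
    int n = 0;
    while (todo > 0) {
        int len = todo > maxlen ? maxlen : todo;  /* always 1..maxlen here */
        todo -= len;
        n++;
    }
    return n;
}

int main(void) {
    int bad = maxlen_unchecked(0);
    printf("mtu=0: maxlen=%d, memcpy len=%zu\n", bad, as_memcpy_len(bad));
    printf("mtu=0 with guard: %d\n", fragment_count(0, 3000));
    printf("mtu=1500: %d fragments for 3000 bytes\n", fragment_count(1500, 3000));
    return 0;
}
```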