Displaying 1 result from an estimated 1 matches for "tcpopt_mss".
2017 Jan 19
0
[Bug 1113] New: integer overflow in xt_TCPMSS
...+0500
@@ -126,7 +126,7 @@
newmss = info->mss;
opt = (u_int8_t *)tcph;
- for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i +=
optlen(opt, i)) {
+ for (i = sizeof(struct tcphdr); i + TCPOLEN_MSS <= tcp_hdrlen; i +=
optlen(opt, i)) {
if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) {
u_int16_t oldmss;
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/2017...