Project

General

Profile

Actions

Security #6668

closed

ip defrag: final overlapping packet can lead to "hole" in re-assembled data

Added by Jason Ish 10 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Label:
Git IDs:

d0fd0782505d837e691ceef1b801776f0db82726

Severity:
MODERATE
Disclosure Date:

Description

This is covered in test: bsd/peos/test_361

Given a packet that covers regions M-N and has MF set to 0, but there is a still a hole before region M. Then another packet comes in and covers (M-1)-N, we could have a hole in the re-assembled as the packet received first comes first in the iteration of packets to be re-assembled, and we break on the MF flag being 0.

Instead we should iterate one more time, as the following packet may fill in the hole.


Subtasks 2 (0 open2 closed)

Security #6671: ip defrag: final overlapping packet can lead to "hole" in re-assembled data (6.0.x backport)ClosedJason IshActions
Security #6673: ip defrag: final overlapping packet can lead to "hole" in re-assembled data (7.0.x backport)ClosedJason IshActions
Actions

Also available in: Atom PDF