
Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/sys/netinet/ip_input.c between version 1.258 and 1.259

version 1.258, 2007/12/21 18:58:55 version 1.259, 2007/12/21 23:49:09
Line 900  ours:
Line 900  ours:
                 /*                  /*
                  * Prevent TCP blind data attacks by not allowing non-initial                   * Prevent TCP blind data attacks by not allowing non-initial
                  * fragments to start at less than 68 bytes (minimal fragment                   * fragments to start at less than 68 bytes (minimal fragment
                  * size).                   * size) and making sure the first fragment is at least 68
                    * bytes.
                  */                   */
                 off = htons(ip->ip_off) & ~(IP_DF|IP_EF|IP_MF);                  off = htons(ip->ip_off) & ~(IP_DF|IP_EF|IP_MF);
                 if (off > 0 && off + hlen < IP_MINFRAGSIZE - 1) {                  if ((off > 0 ? off + hlen : len) < IP_MINFRAGSIZE - 1) {
                         ipstat.ips_badfrags++;                          ipstat.ips_badfrags++;
                         goto bad;                          goto bad;
                 }                  }
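Review bot: The new condition `(off > 0 ? off + hlen : len) < IP_MINFRAGSIZE - 1` tests two different quantities against one bound, and the units of the `off` branch look inconsistent. `off` is taken straight from `ip->ip_off` with only the flag bits masked, and the IP header carries the fragment offset in 8-octet units, so unless it is scaled outside this hunk `off + hlen` adds offset units to a byte count. If that is the case, scaling it first, e.g. `off = (ntohs(ip->ip_off) & ~(IP_DF|IP_EF|IP_MF)) << 3;`, would make the non-initial check match the 68-byte wording of the comment. The `len` branch runs whenever `off == 0`, and the enclosing block starts outside the hunk, so please confirm that only packets with IP_MF set reach it; otherwise short unfragmented datagrams would be counted in `ips_badfrags` and dropped. I would also add a comment next to the test, such as `/* len: <what it counts>; IP_MINFRAGSIZE - 1 == 68 */`, since neither the definition of `len` nor that of `IP_MINFRAGSIZE` is visible here.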
