Actions
Security #6668
closedip defrag: final overlapping packet can lead to "hole" in re-assembled data
Git IDs:
d0fd0782505d837e691ceef1b801776f0db82726
Severity:
MODERATE
Disclosure Date:
Description
This is covered in test: bsd/peos/test_361
Given a packet that covers regions M-N and has MF set to 0, but there is a still a hole before region M. Then another packet comes in and covers (M-1)-N, we could have a hole in the re-assembled as the packet received first comes first in the iteration of packets to be re-assembled, and we break on the MF flag being 0.
Instead we should iterate one more time, as the following packet may fill in the hole.
Updated by Victor Julien 7 months ago
- Status changed from In Review to Closed
- Git IDs updated (diff)
Updated by Victor Julien 7 months ago
- Private changed from Yes to No
Actions