This is the mail archive of the
ecos-discuss@sourceware.org
mailing list for the eCos project.
Security issue with bsd stack
Hi All,
I am testing our ecos system with bsd tcp/ip stack with ISIC tool (ISIC -- IP Stack Integrity Checker) and found an issue as mentioned below
Description:
(ISIC is a suite of utilities to exercise the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et. al.) It generates piles of pseudo random packets of the target protocol. The packets be given tendancies to conform to. Ie 50% of the packets generated can have IP Options. 25% of the packets can be IP fragments... But the percentages are arbitrary and most of the packet fields have a configurable tendancy.)
When we send stream of packets using the command "tcpsic -s 10.10.10.10,23 -d 10.10.10.100 -I 100" ,our system hangs ,and we observed that the code ( panic ("icmp len") ) highlighted below was hit , when we run the above test case
What should be the correct behaviour?
Could you please give your inputs or opinion on how to handle this case ?
Thanks
saritha
Details of the Panic message
============================
In the file "src/sys/netinet/ip_icmp.c"
/*
* Generate an error packet of type error
* in response to bad packet ip.
*/
void
icmp_error(n, type, code, dest, destifp)
struct mbuf *n;
int type, code;
n_long dest;
struct ifnet *destifp;
{
register struct ip *oip = mtod(n, struct ip *), *nip;
register unsigned oiplen = IP_VHL_HL(oip->ip_vhl) << 2;
register struct icmp *icp;
register struct mbuf *m;
unsigned icmplen;
.......
..........
/*
* Now, copy old ip header (without options)
* in front of icmp message.
if (m->m_data - sizeof(struct ip) < m->m_pktdat)
panic("icmp len"); ////////////////////////////////////////// This PANIC OCCURED when the test case was run //////////////////////////////////
..............
............
}
--
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss