2010-06-29 20:15 keltezéssel, Martin Holste írta:
Yep, I was looking at the latest 11 release SRPM I could find, which was still libnet-1.1.2.1-140.22. In one of the previous threads on this mailing list, a very valuable link was provided which has the exact source code needed for the patch: http://www.securityfocus.com/archive/89/384197/30/90/threaded .
OK. Instead of just checking dates, I inspected now the SuSE patches more closely. Another patch is already applied to src/libnet_checksum.c in the patch called libnet-1.1.2.1-strict-aliasing-fix.diff which replaces the libnet_in_cksum() function with another one. The relevant part of the patch is: --- src/libnet_checksum.c +++ src/libnet_checksum.c @@ -58,6 +58,27 @@ return (sum); } +#include <assert.h> +/* same as above, just takes *u_int32_t */ +int +libnet_in_cksum32(u_int32_t *addr32, int len) +{ + int sum; + + sum = 0; + + while (len > 3) + { + sum += (*addr32) >> 16; + sum += (*addr32) & 0x0000ffff; + len -= 4; + addr32++; + } + assert(len == 0); + + return (sum); +} + int libnet_toggle_checksum(libnet_t *l, libnet_ptag_t ptag, int mode) { @@ -173,7 +194,7 @@ } else { - sum = libnet_in_cksum((u_int16_t *)&iph_p->ip_src, 8); + sum = libnet_in_cksum32((u_int32_t *)&iph_p->ip_src, 8); } sum += ntohs(IPPROTO_TCP + len); sum += libnet_in_cksum((u_int16_t *)tcph_p, len); @@ -191,7 +212,7 @@ } else { - sum = libnet_in_cksum((u_int16_t *)&iph_p->ip_src, 8); + sum = libnet_in_cksum32((u_int32_t *)&iph_p->ip_src, 8); } sum += ntohs(IPPROTO_UDP + len); sum += libnet_in_cksum((u_int16_t *)udph_p, len); With my limited C knowledge I don't know how much is this different from the one on securityfocus.com. Did you test 11.X that the problem is still there? Bye, CzP