overdrop.c DoS


>From lcamtuf@boss.staszic.waw.pl Sat Apr 18 09:06:58 1998
Date: Sat, 18 Apr 1998 11:48:33 +0200 (CEST)
From: Michal Zalewski 
To: info@rootshell.com
Subject: ip_fragment.c - printk() problem.

Here's a DoS exploit against Linux 2.0.33... It doesn't crash
anything, but it's very annoying ;)

Fix:

--- ip_fragment.c.orig  Fri Apr 17 16:42:38 1998
+++ ip_fragment.c       Fri Apr 17 17:17:15 1998
@@ -345,7 +345,7 @@

        if(len>65535)
        {
-               printk("Oversized IP packet from %s.\n", in_ntoa(qp->iph->saddr));
+               NETDEBUG(printk("Oversized IP packet from %s.\n", in_ntoa(qp->iph->saddr)));
                ip_statistics.IpReasmFails++;
                ip_free(qp);
                return NULL;

-------------------------------------------------------------------------

// http://www.rootshell.com/ - 4/18/98

// overdrop by lcamtuf [Linux 2.0.33 printk abuse]
// ------------------------------------------------
// based on (reaped from) teardrop by route|daemon9

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

[snip...]

void usage(char *name) {
  fprintf(stderr,"%s dst_ip [ -n how_many ] [ -s src_ip ] [ -x ] (use -x for express delivery).\n",name);
  exit(0);
}

[snip...]