Search

Home

Sort by

Full Search
Definition
Symbol
File Path
History
Type

In Project(s)

Searched hist:36960 (Results 1 - 3 of 3) sorted by relevance

/freebsd-10.0-release/usr.sbin/ppp/
H A D	slcompress.h	diff 36960 Sat Jun 13 22:56:13 MDT 1998 brian o Pass our negotiated number of VJ slots into sl_uncompress_tcp() and drop packets with slot numbers that are out of range. o Drop packets that want to use a slot that still has an IP header length of 0 (ie, the requested slot number is bogus again). Without this code, if the other side mis-behaves (and sends us garbage slot numbers), we happily ``adjust'' a memset(..., '\0', ...) TCP/IP header and promptly cr*p all over the stack before returning.... quickly followed by a SIGBUS. Dodgy ISP used by, and help locating the problem from: jmz Problem also seen by: Mourad de Riche <omnibus@image.dk> There's still a link lockup after this happens, but my bets are on the other side (who has already started sending rubbish) being to blame.
H A D	slcompress.c	diff 36960 Sat Jun 13 22:56:13 MDT 1998 brian o Pass our negotiated number of VJ slots into sl_uncompress_tcp() and drop packets with slot numbers that are out of range. o Drop packets that want to use a slot that still has an IP header length of 0 (ie, the requested slot number is bogus again). Without this code, if the other side mis-behaves (and sends us garbage slot numbers), we happily ``adjust'' a memset(..., '\0', ...) TCP/IP header and promptly cr*p all over the stack before returning.... quickly followed by a SIGBUS. Dodgy ISP used by, and help locating the problem from: jmz Problem also seen by: Mourad de Riche <omnibus@image.dk> There's still a link lockup after this happens, but my bets are on the other side (who has already started sending rubbish) being to blame.
H A D	vjcomp.c	diff 36960 Sat Jun 13 22:56:13 MDT 1998 brian o Pass our negotiated number of VJ slots into sl_uncompress_tcp() and drop packets with slot numbers that are out of range. o Drop packets that want to use a slot that still has an IP header length of 0 (ie, the requested slot number is bogus again). Without this code, if the other side mis-behaves (and sends us garbage slot numbers), we happily ``adjust'' a memset(..., '\0', ...) TCP/IP header and promptly cr*p all over the stack before returning.... quickly followed by a SIGBUS. Dodgy ISP used by, and help locating the problem from: jmz Problem also seen by: Mourad de Riche <omnibus@image.dk> There's still a link lockup after this happens, but my bets are on the other side (who has already started sending rubbish) being to blame.

Completed in 55 milliseconds

asus-wl-520gu-7.0.1.45
asuswrt-rt-n18u-9.0.0.4.380.2695
barrelfish-2018-10-04
barrelfish-master
broadcom-cfe-1.4.2
darwin-on-arm
freebsd-10-stable
freebsd-10.0-release
freebsd-10.1-release
freebsd-10.2-release
freebsd-10.3-release
freebsd-11-stable
freebsd-11.0-release
freebsd-12-stable
freebsd-13-stable
freebsd-9.3-release
freebsd-current
fuchsia
haiku
haiku-buildtools
haiku-fatelf
haikuporter
haikuports
linux-master
macosx-10.10
macosx-10.10.1
macosx-10.5.8
macosx-10.9.5
netbsd-6-1-5-RELEASE
netbsd-current
netgear-R7000-V1.0.7.12_1.2.5
netgear-R7800-V1.0.2.28
netgear-WNDR4500-V1.0.1.40_1.0.68
netgear-WNDR4500v2-V1.0.0.60_1.0.38
openbsd-current
openjdk10
openjdk9
opensolaris-onvv-gate
openwrt
seL4-camkes-master
seL4-l4v-10.1.1
seL4-l4v-master
seL4-mcs-10.1.1
seL4-refos-master
seL4-test-master
u-boot
xnu-2422.115.4
xnu-2782.1.97