
We have this bug at work where a certain piece of closed-source software assumes a 1472-byte UDP payload will never be fragmented and thus breaks in IPv6. There's only one instance of the constant 0x5c0 in the binary. What are the odds that everything would break terribly if I just replace that 0x5c0 with a 0x5ac in the binary?

@roguelazer if they hardcoded the payload size, it's probably being copied into a constant-size buffer on the stack... You'd just be creating a buffer overflow. OTOH, you could trace for a call to malloc and see if it's on the heap instead, but I doubt it.

@synack AFAICT it has logic to internally fragment messages at 1472B so I'm hopeful that this constant is in the fragment code.

@roguelazer I wonder if turning off Path MTU discovery would make it work
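The arithmetic behind the two constants in the thread, plus the check a practitioner would run before touching the binary: 1500-byte Ethernet MTU minus a 20-byte IPv4 header and an 8-byte UDP header is 1472 (0x5c0); with the 40-byte IPv6 header it is 1452 (0x5ac). The script below is an added example written for this page, not code from the thread or from the software being discussed. It computes those limits, searches a blob for every 2- and 4-byte, little- and big-endian encoding of a constant so that "only one instance" can be confirmed rather than assumed, and refuses to patch unless exactly one encoding is found. The binary is stood in for by `SAMPLE_BLOB`, a constructed byte string whose only 0x5c0 is a little-endian 32-bit immediate; real binaries, relocations and the question of which buffer the value sizes are outside what it checks.

```python
import struct

ETH_MTU = 1500   # typical Ethernet link MTU
UDP_HDR = 8
IPV4_HDR = 20
IPV6_HDR = 40    # fixed IPv6 header; extension headers would add more

_FMT = {2: "H", 4: "I"}  # struct codes for the widths we search


def max_udp_payload(mtu=ETH_MTU, ipv6=False):
    """Largest UDP payload that fits one link-layer frame without IP fragmentation."""
    ip_hdr = IPV6_HDR if ipv6 else IPV4_HDR
    return mtu - ip_hdr - UDP_HDR


def find_constant(blob, value, widths=(4, 2)):
    """Return every (offset, width, endianness) at which `value` is encoded in `blob`.

    Wider matches are found first; a narrower match that lies entirely inside a
    wider one (e.g. the 16-bit LE prefix of a 32-bit LE immediate) is not reported
    again, so each site counts once.
    """
    hits = []
    for width in sorted(widths, reverse=True):
        for endian, name in (("<", "le"), (">", "be")):
            pattern = struct.pack(endian + _FMT[width], value)
            idx = blob.find(pattern)
            while idx >= 0:
                covered = any(off <= idx and idx + width <= off + w
                              for off, w, _ in hits)
                if not covered:
                    hits.append((idx, width, name))
                idx = blob.find(pattern, idx + 1)
    return sorted(hits)


def patch_constant(blob, old, new):
    """Replace `old` with `new` in `blob`, but only if `old` occurs exactly once
    across all searched encodings and `new` fits in the same width."""
    hits = find_constant(blob, old)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one occurrence of {old:#x}, found {len(hits)}: {hits}")
    off, width, name = hits[0]
    if new >= 1 << (8 * width):
        raise ValueError(f"{new:#x} does not fit in {width} bytes")
    endian = "<" if name == "le" else ">"
    return blob[:off] + struct.pack(endian + _FMT[width], new) + blob[off + width:]


# Constructed stand-in for the binary: a push/mov prologue, then a hypothetical
# x86-64 `cmp rsi, 0x5c0` (48 81 FE + imm32), a conditional jump and a ret.
SAMPLE_BLOB = (
    b"\x55\x48\x89\xe5"
    + b"\x48\x81\xfe" + struct.pack("<I", 0x5c0)
    + b"\x0f\x87\x10\x00\x00\x00"
    + b"\xc3"
)

if __name__ == "__main__":
    print("IPv4 max UDP payload:", max_udp_payload(), hex(max_udp_payload()))
    print("IPv6 max UDP payload:", max_udp_payload(ipv6=True), hex(max_udp_payload(ipv6=True)))
    print("0x5c0 sites:", find_constant(SAMPLE_BLOB, 0x5c0))
    patched = patch_constant(SAMPLE_BLOB, 0x5c0, 0x5ac)
    print("after patch, 0x5ac sites:", find_constant(patched, 0x5ac))
```

Running it against the real file would be `find_constant(open(path, "rb").read(), 0x5c0)`; a single hit is necessary but not sufficient, since a byte match says nothing about whether that immediate is the fragment size or an unrelated value, and it says nothing about the buffer-size concern raised above. The IPv6 figure also assumes no extension headers; each one present shrinks the unfragmented payload further.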

Mastodon for Tech Folks