Trouble Report - Stability of Trumpet Winsock 2.0B impaired when receiving bad IP packets.

[Peter R. Tattam]

This problem has been rectified in version 2.1 and is briefly mentioned in the
patch list for 2.1F.

We have received numerous reports of 2.0B causing a general protection fault
when a bogus IP header is received. While the IP header checksum will detect
most communication errors, there is a chance that a bad IP header will sneak
through to the higher layers resulting in those layers failing in a somewhat
catastrophic manner.

Close examination of the source code revealed that a specific combination
of IP header values would reproduce the problem. If an IP fragment offset
greater than the internal MTU of the TCP/IP stack is received, it will cause
an invalid pointer reference resulting in a general protection failure in
the TCP manager or other internet application. Should Trumpet Winsock be
operating over a packet driver, the abnormal termination of winsock will
usually cause Windows to crash as soon as the next packet is received. If
Trumpet is operating over SLIP/PPP, only the Trumpet stack and possibly the
internet applications using the winsock will be affected.

In the interests of public Internet safety, we advise that use of version 2.0B
should be discontinued as it is a potential security risk.

All registered users of 2.0B should contact Trumpet Software International to
have their copies upgraded to version 2.1 free of charge.

Peter R. Tattam
Managing Director - Trumpet Software International Pty Ltd