--- ip_fragment.c.orig  Wed Aug  7 07:00:08 1996
+++ ip_fragment.c       Sat Oct 19 20:33:42 1996
@@ -47,6 +47,8 @@
 
 atomic_t ip_frag_mem = 0;                      /* Memory used for fragments */
 
+char *in_ntoa(unsigned long in);
+
 /*
  *     Memory Tracking Functions
  */
@@ -366,7 +368,7 @@
                {
                        NETDEBUG(printk("Invalid fragment list: Fragment over size.\n"));
                        ip_free(qp);
-                       frag_kfree_skb(skb,FREE_WRITE);
+                       kfree_skb(skb,FREE_WRITE);
                        ip_statistics.IpReasmFails++;
                        return NULL;
                }
@@ -466,6 +468,19 @@
                        return NULL;
                }
        }
+       
+       /*
+        *      Attempt to construct an oversize packet.
+        */
+        
+       if(ntohs(iph->tot_len)+(int)offset>65535)
+       {
+               skb->sk = NULL;
+               printk("Oversized packet received from %s\n",in_ntoa(qp->iph->saddr));
+               frag_kfree_skb(skb, FREE_READ);
+               ip_statistics.IpReasmFails++;
+               return NULL;
+       }       
 
        /*
         *      Determine the position of this fragment.