diff --unified --recursive --new-file --exclude-from exclude linux.vanilla/include/linux/skbuff.h linux/include/linux/skbuff.h
--- linux.vanilla/include/linux/skbuff.h Tue Oct 8 17:43:35 1996
+++ linux/include/linux/skbuff.h Tue Oct 22 12:46:04 1996
@@ -102,7 +102,7 @@
 #define PACKET_OTHERHOST 3 /* To someone else */
 unsigned short users; /* User count - see datagram.c,tcp.c */
 unsigned short protocol; /* Packet protocol from driver. */
- unsigned short truesize; /* Buffer size */
+ __u32 truesize; /* Buffer size */
 atomic_t count; /* reference count */
 struct sk_buff *data_skb; /* Link to the actual data skb */
diff --unified --recursive --new-file --exclude-from exclude linux.vanilla/include/net/sock.h linux/include/net/sock.h
--- linux.vanilla/include/net/sock.h Tue Oct 8 17:45:32 1996
+++ linux/include/net/sock.h Tue Oct 22 12:48:06 1996
@@ -216,7 +216,7 @@
 volatile unsigned long ato; /* ack timeout */
 volatile unsigned long lrcvtime; /* jiffies at last data rcv */
 volatile unsigned long idletime; /* jiffies at last rcv */
- unsigned short bytes_rcv;
+ __u32 bytes_rcv;
 /*
 * mss is min(mtu, max_window)
 */
@@ -251,8 +251,8 @@
 unsigned char max_ack_backlog;
 unsigned char priority;
 unsigned char debug;
- unsigned short rcvbuf;
- unsigned short sndbuf;
+ __u32 rcvbuf;
+ __u32 sndbuf;
 unsigned short type;
 unsigned char localroute; /* Route locally only */
 #ifdef CONFIG_AX25
diff --unified --recursive --new-file --exclude-from exclude linux.vanilla/net/ipv4/icmp.c linux/net/ipv4/icmp.c
--- linux.vanilla/net/ipv4/icmp.c Sun Oct 6 15:42:09 1996
+++ linux/net/ipv4/icmp.c Tue Oct 22 12:45:41 1996
@@ -1031,6 +1031,14 @@
 #endif
 icmp_statistics.IcmpInMsgs++;
+ if(len < sizeof(struct icmphdr))
+ {
+ icmp_statistics.IcmpInErrors++;
+ printk(KERN_INFO "ICMP: runt packet\n");
+ kfree_skb(skb, FREE_READ);
+ return 0;
+ }
+
 /*
 * Validate the packet
 */
diff --unified --recursive --new-file --exclude-from exclude linux.vanilla/net/ipv4/ip_fragment.c linux/net/ipv4/ip_fragment.c
--- linux.vanilla/net/ipv4/ip_fragment.c Sat Aug 10 08:03:16 1996
+++ linux/net/ipv4/ip_fragment.c Tue Oct 22 12:27:07 1996
@@ -24,6 +24,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -337,7 +338,15 @@
 * Allocate a new buffer for the datagram.
 */
 len = qp->ihlen + qp->len;
-
+
+ if(len>65535)
+ {
+ printk("Oversized IP packet from %s.\n", in_ntoa(qp->iph->saddr));
+ ip_statistics.IpReasmFails++;
+ ip_free(qp);
+ return NULL;
+ }
+
 if ((skb = dev_alloc_skb(len)) == NULL)
 {
 ip_statistics.IpReasmFails++;
@@ -366,7 +375,7 @@
 {
 NETDEBUG(printk("Invalid fragment list: Fragment over size.\n"));
 ip_free(qp);
- frag_kfree_skb(skb,FREE_WRITE);
+ kfree_skb(skb,FREE_WRITE);
 ip_statistics.IpReasmFails++;
 return NULL;
 }
@@ -424,7 +433,7 @@
 if (((flags & IP_MF) == 0) && (offset == 0))
 {
 if (qp != NULL)
- ip_free(qp); /* Huh? How could this exist?? */
+ ip_free(qp); /* Fragmented frame replaced by full unfragmented copy */
 return(skb);
 }
@@ -461,7 +470,7 @@
 if ((qp = ip_create(skb, iph, dev)) == NULL)
 {
 skb->sk = NULL;
- frag_kfree_skb(skb, FREE_READ);
+ kfree_skb(skb, FREE_READ);
 ip_statistics.IpReasmFails++;
 return NULL;
 }
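Review bot: The `printk(KERN_INFO "ICMP: runt packet\n")` added in the icmp.c hunk at -1031 runs once per truncated packet with no throttling, so the kernel log can be filled by whoever sends such packets; the same holds for the `printk("Oversized IP packet from %s.\n", ...)` added in the ip_fragment.c hunk at -337, which also carries no log level. The surrounding fragment code already wraps its diagnostic as `NETDEBUG(printk("Invalid fragment list: Fragment over size.\n"));`, and both new messages could follow that form, e.g. `NETDEBUG(printk(KERN_INFO "ICMP: runt packet\n"));`, assuming NETDEBUG is in scope in icmp.c. The `IcmpInErrors` and `IpReasmFails` counters already record each event for monitoring. The enclosing functions start and end outside these hunks.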
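Review bot: The `if(len>65535)` test in the ip_fragment.c hunk at -337 is only reached when the queue is about to be copied into a newly allocated buffer, so fragments whose end offset already exceeds the IPv4 maximum appear to stay queued until the datagram completes or times out. Rejecting a fragment where its end offset is first computed (outside this hunk, so not verifiable here) would drop it on arrival and leave this test as a backstop. The bare `65535` would also read better as a named constant with a comment such as `/* IPv4 total length is a 16-bit field */`. The enclosing function starts and ends outside the hunk.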
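Review bot: The replacement of `frag_kfree_skb` with `kfree_skb` in the ip_fragment.c hunks at -366 and -461 carries no comment saying why these two buffers are freed differently from queued fragments. Presumably neither skb was ever charged to the fragment memory accounting (the one at -366 looks like the `dev_alloc_skb` buffer from the hunk above, the one at -461 is released because `ip_create` failed), so the frag variant would unbalance that counter; this should be confirmed against `frag_kfree_skb`, which is not shown. A short comment above each call, such as `/* never accounted as fragment memory, so plain kfree_skb */`, would keep a later cleanup from reverting the change. Both enclosing functions extend outside the hunks.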