diff options
author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-05-15 03:36:35 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-05-15 03:36:35 +0000 |
commit | a582c77134b70f81a9ab54b67a2f9f7f64115ea9 (patch) | |
tree | c15c687a0d49232c2e402b8ffcc87083db8ffcdf | |
parent | 5c8592bac82f56d9c917322d101d356aa061082c (diff) |
Fix sanity check that caused really short packets (ICMPs with less
than 8 bytes of payload) to be dropped. Did not affect TCP/UDP packets
and most ICMP packets.
-rw-r--r-- | sys/netinet/ip_esp.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index ccba29bc436..683b9a85de3 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.41 2000/04/25 02:53:45 jason Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.42 2000/05/15 03:36:34 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -616,9 +616,9 @@ esp_input_cb(void *op) m_copydata(m, m->m_pkthdr.len - 3, 3, lastthree); /* Verify pad length */ - if (lastthree[1] + 2 > m->m_pkthdr.len - skip - hlen) + if (lastthree[1] + 2 > m->m_pkthdr.len - skip) { - DPRINTF(("esp_input_cb(): invalid padding length %d for packet in SA %s/%08x\n", lastthree[2], ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi))); + DPRINTF(("esp_input_cb(): invalid padding length %d for packet in SA %s/%08x\n", lastthree[1], ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi))); espstat.esps_badilen++; m_freem(m); return EINVAL; |