summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2000-05-15 03:36:35 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2000-05-15 03:36:35 +0000
commita582c77134b70f81a9ab54b67a2f9f7f64115ea9 (patch)
treec15c687a0d49232c2e402b8ffcc87083db8ffcdf
parent5c8592bac82f56d9c917322d101d356aa061082c (diff)
Fix sanity check that caused really short packets (ICMPs with less
than 8 bytes of payload) to be dropped. Did not affect TCP/UDP packets and most ICMP packets.
-rw-r--r--sys/netinet/ip_esp.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index ccba29bc436..683b9a85de3 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.41 2000/04/25 02:53:45 jason Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.42 2000/05/15 03:36:34 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -616,9 +616,9 @@ esp_input_cb(void *op)
m_copydata(m, m->m_pkthdr.len - 3, 3, lastthree);
/* Verify pad length */
- if (lastthree[1] + 2 > m->m_pkthdr.len - skip - hlen)
+ if (lastthree[1] + 2 > m->m_pkthdr.len - skip)
{
- DPRINTF(("esp_input_cb(): invalid padding length %d for packet in SA %s/%08x\n", lastthree[2], ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ DPRINTF(("esp_input_cb(): invalid padding length %d for packet in SA %s/%08x\n", lastthree[1], ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
espstat.esps_badilen++;
m_freem(m);
return EINVAL;