diff options
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-11-12 13:38:42 +0000 |
|---|---|---|
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-11-12 13:38:42 +0000 |
| commit | b7bdb29b454847108b4f6f6a0ab61e9a668f87aa (patch) | |
| tree | 8b046b393d82c91c569d0914c447836c4802349a | |
| parent | 83cce7161f704ad0197daa1410f28f6978c58aaf (diff) | |
Check for undersized IP header, found by jbm@, ok angelos@
| -rw-r--r-- | sys/netinet/ip_spd.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c index a9939dd10d7..e6fc4b951d1 100644 --- a/sys/netinet/ip_spd.c +++ b/sys/netinet/ip_spd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_spd.c,v 1.46 2002/06/09 16:26:10 itojun Exp $ */ +/* $OpenBSD: ip_spd.c,v 1.47 2002/11/12 13:38:41 dhartmei Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -116,6 +116,10 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction, switch (af) { #ifdef INET case AF_INET: + if (hlen < sizeof (struct ip) || m->m_pkthdr.len < hlen) { + *error = EINVAL; + return NULL; + } ddst->sen_direction = direction; ddst->sen_type = SENT_IP4; @@ -166,6 +170,10 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction, #ifdef INET6 case AF_INET6: + if (hlen < sizeof (struct ip6_hdr) || m->m_pkthdr.len < hlen) { + *error = EINVAL; + return NULL; + } ddst->sen_type = SENT_IP6; ddst->sen_ip6_direction = direction; |