author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2003-07-09 22:11:09 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2003-07-09 22:11:09 +0000 |
commit | e03882a600ec8dd679abd424cc19889176ffa1c1 (patch) | |
tree | 9964a73c5f7c5de172973bbf3cc2d66ceacd6aaf /sys/net | |
parent | f08e14b44e2ec630ed2dab0b988d3129234bb5cb (diff) |
check if m->m_pkthdr.len is too short
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/pf_norm.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 87e09a6098e..9c7fbd76043 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.65 2003/07/09 22:09:20 itojun Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.66 2003/07/09 22:11:08 itojun Exp $ */
 /*
 * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -1131,6 +1131,8 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
 plen = ntohs(h->ip6_plen);
 if (plen == 0)
 goto drop;
+ if (sizeof(struct ip6_hdr) + plen < m->m_pkthdr.len)
+ goto shortpkt;
 /* Enforce a minimum ttl, may cause endless packet loops */
 if (r->min_ttl && h->ip6_hlim < r->min_ttl)
|
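Review bot: The comparison in the added check looks inverted relative to the commit message. `sizeof(struct ip6_hdr) + plen < m->m_pkthdr.len` is true when the mbuf holds more bytes than the header declares, so a packet with trailing data takes the `shortpkt` path, while a truncated packet whose `ip6_plen` exceeds what was actually received passes the test. If the intent is to reject packets shorter than their declared payload, the line should read `if (sizeof(struct ip6_hdr) + plen > m->m_pkthdr.len)`. The rest of pf_normalize_ip6 lies outside the hunk; if later code walks the payload using `plen` rather than the mbuf length, the direction left unguarded is the one that matters for out-of-bounds reads, so confirm against the full function.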