summaryrefslogtreecommitdiff
path: root/sys/net
diff options
context:
space:
mode:
authorJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2003-07-09 22:11:09 +0000
committerJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2003-07-09 22:11:09 +0000
commite03882a600ec8dd679abd424cc19889176ffa1c1 (patch)
tree9964a73c5f7c5de172973bbf3cc2d66ceacd6aaf /sys/net
parentf08e14b44e2ec630ed2dab0b988d3129234bb5cb (diff)
check if m->m_pkthdr.len is too short
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pf_norm.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 87e09a6098e..9c7fbd76043 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.65 2003/07/09 22:09:20 itojun Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.66 2003/07/09 22:11:08 itojun Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -1131,6 +1131,8 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
plen = ntohs(h->ip6_plen);
if (plen == 0)
goto drop;
+ if (sizeof(struct ip6_hdr) + plen < m->m_pkthdr.len)
+ goto shortpkt;
/* Enforce a minimum ttl, may cause endless packet loops */
if (r->min_ttl && h->ip6_hlim < r->min_ttl)