summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_ah_new.c
diff options
context:
space:
mode:
authorNiklas Hallqvist <niklas@cvs.openbsd.org>1998-11-25 02:01:29 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>1998-11-25 02:01:29 +0000
commitdf0457dc198642163b2ac78650e8a965f86aae27 (patch)
tree0377953b1f02bbe170d979bfd6f03702aaca03a9 /sys/netinet/ip_ah_new.c
parent9eace93090ecd5af22f4c9832c2e581cca6fd70f (diff)
Add checks of packets getting to big after transforms.
Also make sure some more error conditions get told to the caller.
Diffstat (limited to 'sys/netinet/ip_ah_new.c')
-rw-r--r--sys/netinet/ip_ah_new.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/sys/netinet/ip_ah_new.c b/sys/netinet/ip_ah_new.c
index ed8a442d0ce..1b4dd48ca7f 100644
--- a/sys/netinet/ip_ah_new.c
+++ b/sys/netinet/ip_ah_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah_new.c,v 1.18 1998/06/03 09:50:18 provos Exp $ */
+/* $OpenBSD: ip_ah_new.c,v 1.19 1998/11/25 02:01:27 niklas Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -568,7 +568,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
DPRINTF(("ah_new_output(): m_pullup() failed, SA &x/%08x\n",
tdb->tdb_dst, ntohl(tdb->tdb_spi)));
ahstat.ahs_hdrops++;
- return NULL;
+ return ENOBUFS;
}
ip = mtod(m, struct ip *);
@@ -583,6 +583,15 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
ilen = ntohs(ip->ip_len);
ohlen = AH_NEW_FLENGTH;
+ if (ohlen + ilen > IP_MAXPACKET) {
+ if (encdebug)
+ log(LOG_ALERT,
+ "ah_new_output(): packet in SA %x/%0x8 got too big\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi));
+ m_freem(m);
+ ahstat.ahs_toobig++;
+ return ENOBUFS;
+ }
ipo.ip_v = IPVERSION;
ipo.ip_hl = ip->ip_hl;