diff options
| author | Martin Pieuchot <mpi@cvs.openbsd.org> | 2018-09-13 12:29:44 +0000 |
|---|---|---|
| committer | Martin Pieuchot <mpi@cvs.openbsd.org> | 2018-09-13 12:29:44 +0000 |
| commit | ff9dc9d416c56af15285c6a260a3f6f465b82c3c (patch) | |
| tree | 276baf26951eb303cf10c1c0d004b4dc96cad9c7 /sys/netinet | |
| parent | af0479cc5a33b447fbb264b10abd485dac8a0bc8 (diff) | |
Include the size of IPCOMP header when checking for compression.
Problem found and anaylyzed by Romain Gabet, ok markus@
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/ip_ipcomp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index 7c3a10536f6..dac65a0344f 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.65 2018/08/28 15:15:02 mpi Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.66 2018/09/13 12:29:43 mpi Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -503,7 +503,7 @@ ipcomp_output_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, rlen = ilen - skip; /* Check sizes. */ - if (rlen < olen) { + if (rlen <= olen + IPCOMP_HLENGTH) { /* Compression was useless, we have lost time. */ ipcompstat_inc(ipcomps_minlen); /* misnomer, but like to count */ goto skiphdr; |