summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2018-11-05 20:52:23 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2018-11-05 20:52:23 +0000
commitc3f8885fea549edf145ddfbafad75709cde2c66c (patch)
tree5cde329b47ac59e58c2b4053fd6ea089ccb9795d /sys
parent6794c2f9b94d086cc4f76ca31387ab361340359b (diff)
Consider the size of IP header when doing the ICMP length overflow
check. This code was never reached as ICMP length was truncated before, but fix the wrong calculation anyway. OK claudio@
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_icmp.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index d911e72d3d2..07429e91d19 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_icmp.c,v 1.178 2018/11/05 10:06:10 claudio Exp $ */
+/* $OpenBSD: ip_icmp.c,v 1.179 2018/11/05 20:52:22 bluhm Exp $ */
/* $NetBSD: ip_icmp.c,v 1.19 1996/02/13 23:42:22 christos Exp $ */
/*
@@ -206,9 +206,9 @@ icmp_do_error(struct mbuf *n, int type, int code, u_int32_t dest, int destmtu)
* according to RFC1812;
*/
- KASSERT(ICMP_MINLEN <= MCLBYTES);
+ KASSERT(ICMP_MINLEN + sizeof (struct ip) <= MCLBYTES);
- if (icmplen + ICMP_MINLEN > MCLBYTES)
+ if (sizeof (struct ip) + icmplen + ICMP_MINLEN > MCLBYTES)
icmplen = MCLBYTES - ICMP_MINLEN - sizeof (struct ip);
m = m_gethdr(M_DONTWAIT, MT_HEADER);