diff options
author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2018-11-05 20:52:23 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2018-11-05 20:52:23 +0000 |
commit | c3f8885fea549edf145ddfbafad75709cde2c66c (patch) | |
tree | 5cde329b47ac59e58c2b4053fd6ea089ccb9795d /sys | |
parent | 6794c2f9b94d086cc4f76ca31387ab361340359b (diff) |
Consider the size of IP header when doing the ICMP length overflow
check. This code was never reached as ICMP length was truncated
before, but fix the wrong calculation anyway.
OK claudio@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet/ip_icmp.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index d911e72d3d2..07429e91d19 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_icmp.c,v 1.178 2018/11/05 10:06:10 claudio Exp $ */ +/* $OpenBSD: ip_icmp.c,v 1.179 2018/11/05 20:52:22 bluhm Exp $ */ /* $NetBSD: ip_icmp.c,v 1.19 1996/02/13 23:42:22 christos Exp $ */ /* @@ -206,9 +206,9 @@ icmp_do_error(struct mbuf *n, int type, int code, u_int32_t dest, int destmtu) * according to RFC1812; */ - KASSERT(ICMP_MINLEN <= MCLBYTES); + KASSERT(ICMP_MINLEN + sizeof (struct ip) <= MCLBYTES); - if (icmplen + ICMP_MINLEN > MCLBYTES) + if (sizeof (struct ip) + icmplen + ICMP_MINLEN > MCLBYTES) icmplen = MCLBYTES - ICMP_MINLEN - sizeof (struct ip); m = m_gethdr(M_DONTWAIT, MT_HEADER); |