summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2000-05-06 17:55:09 +0000
committerJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2000-05-06 17:55:09 +0000
commit1751de200d208f2c0753e46f48db3320d6c3cda6 (patch)
treec5d0b6302feabb1eb482d3d6b420e70ed9e7321e /sys
parent40f6fa7dc9ff66b67b05fd7b606d260f236187d6 (diff)
avoid underflow on unsigned value arithmetic (when optlen < 4).
2nd half of NetBSD Security Advisory 2000-002.
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_input.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index a62dc6f916b..f00bf842056 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.53 2000/05/06 01:47:05 deraadt Exp $ */
+/* $OpenBSD: ip_input.c,v 1.54 2000/05/06 17:55:08 itojun Exp $ */
/* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
/*
@@ -919,7 +919,7 @@ ip_dooptions(m)
break;
}
off--; /* 0 origin */
- if (off > optlen - sizeof(struct in_addr)) {
+ if ((off + sizeof(struct in_addr)) > optlen) {
/*
* End of source route. Should be for us.
*/
@@ -964,7 +964,7 @@ ip_dooptions(m)
* If no space remains, ignore.
*/
off--; /* 0 origin */
- if (off > optlen - sizeof(struct in_addr))
+ if ((off + sizeof(struct in_addr)) > optlen)
break;
bcopy((caddr_t)(&ip->ip_dst), (caddr_t)&ipaddr.sin_addr,
sizeof(ipaddr.sin_addr));