summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sys/net/pf.c6
-rw-r--r--sys/net/pf_norm.c6
2 files changed, 6 insertions, 6 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 494f844aa14..799463d302a 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.834 2013/06/05 00:56:35 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.835 2013/06/17 19:50:06 bluhm Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -2457,8 +2457,8 @@ pf_modulate_sack(struct pf_pdesc *pd, struct pf_state_peer *dst)
struct sackblk sack;
#define TCPOLEN_SACKLEN (TCPOLEN_SACK + 2)
- if (hlen < TCPOLEN_SACKLEN || !pf_pull_hdr(pd->m, pd->off + sizeof(*th),
- opts, hlen, NULL, NULL, pd->af))
+ if (hlen < TCPOLEN_SACKLEN || hlen > MAX_TCPOPTLEN || !pf_pull_hdr(
+ pd->m, pd->off + sizeof(*th), opts, hlen, NULL, NULL, pd->af))
return 0;
while (hlen >= TCPOLEN_SACKLEN) {
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 1ab9d4ba804..8ba8357f352 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.157 2012/11/06 12:32:41 henning Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.158 2013/06/17 19:50:06 bluhm Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -1401,8 +1401,8 @@ pf_normalize_mss(struct pf_pdesc *pd, u_int16_t maxmss)
thoff = th->th_off << 2;
cnt = thoff - sizeof(struct tcphdr);
- if (cnt > 0 && !pf_pull_hdr(pd->m, pd->off + sizeof(*th), opts, cnt,
- NULL, NULL, pd->af))
+ if (cnt <= 0 || cnt > MAX_TCPOPTLEN || !pf_pull_hdr(pd->m,
+ pd->off + sizeof(*th), opts, cnt, NULL, NULL, pd->af))
return (0);
for (; cnt > 0; cnt -= optlen, optp += optlen) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-18 02:57:27 +0000