From 149cb385058be86d7a72a7b6904aed1dd28ca0c0 Mon Sep 17 00:00:00 2001
From: Mike Frantzen <frantzen@cvs.openbsd.org>
Date: Sat, 24 Apr 2004 19:14:49 +0000
Subject: be careful about option lengths.  ok henning@ mcbride@

---
 sys/net/pf_norm.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'sys/net/pf_norm.c')

diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index d2c6456d653..ea1e2214d84 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_norm.c,v 1.80 2004/03/09 21:44:41 mcbride Exp $ */
+/*	$OpenBSD: pf_norm.c,v 1.81 2004/04/24 19:14:48 frantzen Exp $ */
 
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -1362,8 +1362,8 @@ pf_normalize_tcp_init(struct mbuf *m, int off, struct pf_pdesc *pd,
 				}
 				/* FALLTHROUGH */
 			default:
-				hlen -= opt[1];
-				opt += opt[1];
+				hlen -= MAX(opt[1], 2);
+				opt += MAX(opt[1], 2);
 				break;
 			}
 		}
@@ -1473,8 +1473,8 @@ pf_normalize_tcp_stateful(struct mbuf *m, int off, struct pf_pdesc *pd,
 				}
 				/* FALLTHROUGH */
 			default:
-				hlen -= opt[1];
-				opt += opt[1];
+				hlen -= MAX(opt[1], 2);
+				opt += MAX(opt[1], 2);
 				break;
 			}
 		}
-- 
cgit v1.2.3