From b7bdb29b454847108b4f6f6a0ab61e9a668f87aa Mon Sep 17 00:00:00 2001 From: Daniel Hartmeier Date: Tue, 12 Nov 2002 13:38:42 +0000 Subject: Check for undersized IP header, found by jbm@, ok angelos@ --- sys/netinet/ip_spd.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'sys') diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c index a9939dd10d7..e6fc4b951d1 100644 --- a/sys/netinet/ip_spd.c +++ b/sys/netinet/ip_spd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_spd.c,v 1.46 2002/06/09 16:26:10 itojun Exp $ */ +/* $OpenBSD: ip_spd.c,v 1.47 2002/11/12 13:38:41 dhartmei Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -116,6 +116,10 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction, switch (af) { #ifdef INET case AF_INET: + if (hlen < sizeof (struct ip) || m->m_pkthdr.len < hlen) { + *error = EINVAL; + return NULL; + } ddst->sen_direction = direction; ddst->sen_type = SENT_IP4; @@ -166,6 +170,10 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction, #ifdef INET6 case AF_INET6: + if (hlen < sizeof (struct ip6_hdr) || m->m_pkthdr.len < hlen) { + *error = EINVAL; + return NULL; + } ddst->sen_type = SENT_IP6; ddst->sen_ip6_direction = direction; -- cgit v1.2.3