From 244df2ab7375680c3e35a304643ecd6f95f1860c Mon Sep 17 00:00:00 2001
From: Claudio Jeker <claudio@cvs.openbsd.org>
Date: Wed, 11 Feb 2015 05:58:58 +0000
Subject: Use sizeof(u_short) in the first check since there are RT messages
 that are less then sizeof(*rtm) bytes long (e.g. interface announcements).
 Found the hard way by phessler@

---
 usr.sbin/ospf6d/kroute.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr.sbin/ospf6d')

diff --git a/usr.sbin/ospf6d/kroute.c b/usr.sbin/ospf6d/kroute.c
index 9cf6513036f..84c06edb206 100644
--- a/usr.sbin/ospf6d/kroute.c
+++ b/usr.sbin/ospf6d/kroute.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kroute.c,v 1.46 2015/02/10 05:39:10 claudio Exp $ */
+/*	$OpenBSD: kroute.c,v 1.47 2015/02/11 05:58:57 claudio Exp $ */
 
 /*
  * Copyright (c) 2004 Esben Norby <norby@openbsd.org>
@@ -1271,7 +1271,7 @@ dispatch_rtmsg(void)
 	lim = buf + n;
 	for (next = buf; next < lim; next += rtm->rtm_msglen) {
 		rtm = (struct rt_msghdr *)next;
-		if (lim < next + sizeof(*rtm) ||
+		if (lim < next + sizeof(u_short) ||
 		    lim < next + rtm->rtm_msglen)
 			fatalx("dispatch_rtmsg: partial rtm in buffer");
 		if (rtm->rtm_version != RTM_VERSION)
-- 
cgit v1.2.3