d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a logic error in ipsec code that extracts

Browse Source 
information from the packets.

Reviewed by:	bz, mlaier
Approved by:	mlaier(mentor)
MFC after:	1 month
This commit is contained in:
Ermal Luçi 2010-04-02 18:15:23 +00:00
parent 489ca05be7
commit 87a25418ac
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=206111
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/netipsec/ipsec.c
View File

@ -592,7 +592,7 @@ ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip),("packet too short"));
/* NB: ip_input() flips it into host endian. XXX Need more checking. */
if (m->m_len < sizeof (struct ip)) {
if (m->m_len >= sizeof (struct ip)) {
struct ip *ip = mtod(m, struct ip *);
if (ip->ip_off & (IP_MF | IP_OFFMASK))
goto done;