Fix a logic error in ipsec code that extracts

information from the packets. Reviewed by: bz, mlaier Approved by: mlaier(mentor) MFC after: 1 month
2010-04-02 18:15:23 +00:00 · 2010-04-02 18:15:23 +00:00 · 87a25418ac
commit 87a25418ac
parent 489ca05be7
1 changed files with 1 additions and 1 deletions
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@ -592,7 +592,7 @@ ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
 	IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip),("packet too short"));

 	/* NB: ip_input() flips it into host endian. XXX Need more checking. */
-	if (m->m_len < sizeof (struct ip)) {
+	if (m->m_len >= sizeof (struct ip)) {
 		struct ip *ip = mtod(m, struct ip *);
 		if (ip->ip_off & (IP_MF | IP_OFFMASK))
 			goto done;