d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

The assumption in ipsec4_process_packet() that the payload may be

Browse Source 
only IPv4 is wrong, so check the IP version before mangling the
payload header.
This commit is contained in:
Marko Zec 2014-07-01 08:02:25 +00:00
parent 93b8d53c09
commit b01e3d0802
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/netipsec/ipsec_output.c
View File

@ -498,9 +498,11 @@ ipsec4_process_packet(
goto bad;
}
ip = mtod(m, struct ip *);
ip->ip_len = htons(m->m_pkthdr.len);
ip->ip_sum = 0;
ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
if (ip->ip_v == IPVERSION) {
ip->ip_len = htons(m->m_pkthdr.len);
ip->ip_sum = 0;
ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
}
/* Encapsulate the packet */
error = ipip_output(m, isr, &mp, 0, 0);