d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more strict sanity check for ESP tail

Browse Source 
Obtained from: KAME
This commit is contained in:
suz 2003-10-22 10:44:59 +00:00
parent 698ac71d64
commit d11ff9f6a5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/netinet6/esp_input.c
View File

@ -332,7 +332,7 @@ noreplaycheck:
taillen = esptail.esp_padlen + sizeof(esptail);
if (m->m_pkthdr.len < taillen ||
m->m_pkthdr.len - taillen < hlen) { /* ? */
m->m_pkthdr.len - taillen < off + esplen + ivlen + sizeof(esptail)) {
ipseclog((LOG_WARNING,
"bad pad length in IPv4 ESP input: %s %s\n",
ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));