1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-23 11:18:54 +00:00

Require the embedded packet to contain 8 bytes after the IP header instead

of only 4. This is guaranteed by RFC 792 and the verification of GRE, ICMP
and TCP packets use 8 bytes.

MFC after: 3 days
This commit is contained in:
Michael Tuexen 2015-05-30 19:52:28 +00:00
parent 8dcbd3fed4
commit 3105514edd
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=283785

View File

@ -1330,7 +1330,7 @@ packet_ok(register u_char *buf, int cc, register struct sockaddr_in *from,
hiplen = ((u_char *)icp + cc) - (u_char *)hip;
hlen = hip->ip_hl << 2;
inner = (u_char *)((u_char *)hip + hlen);
if (hlen + 12 <= cc
if (hlen + 16 <= cc
&& hip->ip_p == proto->num
&& (*proto->check)(inner, (u_char)seq))
return (type == ICMP_TIMXCEED ? -1 : code + 1);