From 34f83c52e7ffb6a49c15ec41296f8d2096692b55 Mon Sep 17 00:00:00 2001
From: "George V. Neville-Neil" <gnn@FreeBSD.org>
Date: Sat, 14 Jan 2006 16:39:31 +0000
Subject: [PATCH] Check the correct TTL in both the IPv6 and IPv4 cases.

Submitted by:	glebius
Reviewed by:	gnn, bz
Found with:     Coverity Prevent(tm)
---
 sys/netinet/tcp_input.c | 10 ++++++++--
 sys/netinet/tcp_reass.c | 10 ++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index c62752d634aa..a8f3c8168fbd 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -743,8 +743,14 @@ tcp_input(m, off0)
 	INP_LOCK(inp);
 
 	/* Check the minimum TTL for socket. */
-	if (inp->inp_ip_minttl && inp->inp_ip_minttl > ip->ip_ttl)
-		goto drop;
+	if (inp->inp_ip_minttl != 0) {
+#ifdef INET6
+		if (isipv6 && inp->inp_ip_minttl > ip6->ip6_hlim)
+			goto drop;
+#endif
+		if (inp->inp_ip_minttl > ip->ip_ttl)
+			goto drop;
+	}
 
 	if (inp->inp_vflag & INP_TIMEWAIT) {
 		/*
diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c
index c62752d634aa..a8f3c8168fbd 100644
--- a/sys/netinet/tcp_reass.c
+++ b/sys/netinet/tcp_reass.c
@@ -743,8 +743,14 @@ tcp_input(m, off0)
 	INP_LOCK(inp);
 
 	/* Check the minimum TTL for socket. */
-	if (inp->inp_ip_minttl && inp->inp_ip_minttl > ip->ip_ttl)
-		goto drop;
+	if (inp->inp_ip_minttl != 0) {
+#ifdef INET6
+		if (isipv6 && inp->inp_ip_minttl > ip6->ip6_hlim)
+			goto drop;
+#endif
+		if (inp->inp_ip_minttl > ip->ip_ttl)
+			goto drop;
+	}
 
 	if (inp->inp_vflag & INP_TIMEWAIT) {
 		/*