(-)sys/netinet/raw_ip.c (-1 / +1 lines)
Lines 508-514 Link Here
508
		 * and don't allow packet length sizes that will crash.
508
		 * and don't allow packet length sizes that will crash.
509
		 */
509
		 */
510
		if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options)
510
		if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options)
511
		    || (ntohs(ip->ip_len) > m->m_pkthdr.len)
511
		    || (ntohs(ip->ip_len) != m->m_pkthdr.len)
512
		    || (ntohs(ip->ip_len) < (ip->ip_hl << 2))) {
512
		    || (ntohs(ip->ip_len) < (ip->ip_hl << 2))) {
513
			INP_RUNLOCK(inp);
513
			INP_RUNLOCK(inp);
514
			m_freem(m);
514
			m_freem(m);
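Review bot: The condition at lines 510-512 puts no lower bound on `ip->ip_hl` when `inp->inp_options` is null, so a caller-built header with `ip_hl` below 5 still passes as long as `ip_len` is at least `ip_hl << 2`. Unless an earlier check outside this hunk already rejects that, consider adding `|| (ip->ip_hl < (sizeof (*ip) >> 2))` to the test so later code never sees a header length shorter than `struct ip`. Assuming the `!=` form of line 511 is the new side (the page has lost its +/- markers), the comment ending at line 509 should also say that a packet whose `ip_len` is smaller than `m->m_pkthdr.len` is now rejected too, for example `* ip_len must match the mbuf packet length exactly; trailing bytes are refused.` That is a behaviour change for raw-socket senders that pad their buffers, so it is worth stating in the comment and the commit message. The enclosing function and the comment block both start and end outside the hunk.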
