authorKris Kennaway <kris@FreeBSD.org>2001-02-20 03:25:50 +0000
committerKris Kennaway <kris@FreeBSD.org>2001-02-20 03:25:50 +0000
commit504d8fd0401910d3f7abf6a550ac0ce3df7bdd16 (patch)
tree0e715a8e14a880760c1dfea4f26d936c17c9ffc8 /sys/netinet6/ah_output.c
parentda33b5e7454cc3d7ec4e221720f1615ee07eced4 (diff)
Correct IPv4 option processing.
Submitted by: itojun Obtained from: KAME
Notes
Notes: svn path=/head/; revision=72739
Diffstat (limited to 'sys/netinet6/ah_output.c')
-rw-r--r--sys/netinet6/ah_output.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/sys/netinet6/ah_output.c b/sys/netinet6/ah_output.c
index 477c589534c8..df9f4d592bc5 100644
--- a/sys/netinet6/ah_output.c
+++ b/sys/netinet6/ah_output.c
@@ -521,6 +521,15 @@ ah4_finaldst(m)
q = (u_char *)(ip + 1);
i = 0;
while (i < optlen) {
+ if (i + IPOPT_OPTVAL >= optlen)
+ return NULL;
+ if (q[i + IPOPT_OPTVAL] == IPOPT_EOL ||
+ q[i + IPOPT_OPTVAL] == IPOPT_NOP ||
+ i + IPOPT_OLEN < optlen)
+ ;
+ else
+ return NULL;
+
switch (q[i + IPOPT_OPTVAL]) {
case IPOPT_EOL:
i = optlen; /* bye */
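Review bot: The added guard at the top of the `while` body proves only that the length octet at `q[i + IPOPT_OLEN]` is readable; nothing in the visible lines checks its value, so an option whose length is below 2 or larger than `optlen - i` still reaches the `switch`. If the cases that advance `i` (outside this hunk, as is the rest of `ah4_finaldst`) use that octet unchecked, a zero length would keep the loop from advancing and an oversized one could carry the index past the options area. Consider rejecting it right after the guard for every option other than EOL and NOP: `if (q[i + IPOPT_OLEN] < 2 || q[i + IPOPT_OLEN] > optlen - i) return NULL;`. The first test, `i + IPOPT_OPTVAL >= optlen`, appears redundant with the loop condition since `IPOPT_OPTVAL` is 0, and the empty `;` / `else` pair would read more directly as a single negated condition.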