authoreri <eri@FreeBSD.org>2010-04-02 18:15:23 +0000
committereri <eri@FreeBSD.org>2010-04-02 18:15:23 +0000
commite8f045c8eb236a5145ccb0c272dfa534d0acdcec (patch)
treed8cc19886aa77c1380beb0ea901b1330d246a2a2
parent311a2275ef1f0fb62bb28769a8e07ec79fdee75a (diff)
Fix a logic error in ipsec code that extracts
information from the packets. Reviewed by: bz, mlaier Approved by: mlaier(mentor) MFC after: 1 month
-rw-r--r--sys/netipsec/ipsec.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index 4b552c8..5ee4bbb 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -592,7 +592,7 @@ ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip),("packet too short"));
/* NB: ip_input() flips it into host endian. XXX Need more checking. */
- if (m->m_len < sizeof (struct ip)) {
+ if (m->m_len >= sizeof (struct ip)) {
struct ip *ip = mtod(m, struct ip *);
if (ip->ip_off & (IP_MF | IP_OFFMASK))
goto done;
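Review bot: The corrected `if (m->m_len >= sizeof (struct ip))` test now bounds the in-place `mtod()` read, but the only check on total packet length is still the `IPSEC_ASSERT` on `m->m_pkthdr.len` above it, which presumably compiles to nothing in kernels built without assertions. If so, a packet shorter than an IP header is handled only by whatever the other branch does, and the retained `XXX Need more checking` comment does not say which check is missing. I would add a comment above the test stating the invariant it enforces, for example `/* Read the header in place only when the first mbuf holds all of it. */`, so the direction of the comparison is not inverted again. The body of ipsec4_get_ulp starts and ends outside this hunk, so the branch taken when the first mbuf is short cannot be checked from here.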