Fix a problem in the Skinny ALG where a specially crafted packet could cause

a libalias application (e.g.  natd, ppp, etc.) to crash.  Note: Skinny support
is not enabled in natd or ppp by default.

Approved by:	secteam (nectar)
MFC after:	1 day
Secuiryt:	This fixes a remote DoS exploit

1 files changed, 4 insertions, 4 deletions

diff --git a/lib/libalias/alias_skinny.c b/lib/libalias/alias_skinny.c
index 74c283c..d1e4a14 100644
--- a/lib/libalias/alias_skinny.c
+++ b/lib/libalias/alias_skinny.c
@@ -216,11 +216,11 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn
 void
 AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
 {
-	int hlen, tlen, dlen;
+	size_t hlen, tlen, dlen;
 	struct tcphdr *tc;
-	int32_t msgId, len, t, lip;
+	u_int32_t msgId, t, len, lip;
 	struct skinny_header *sd;
-	int orig_len, skinny_hdr_len = sizeof(struct skinny_header);
+	size_t orig_len, skinny_hdr_len = sizeof(struct skinny_header);
 	ConvDirection direction;
 
 	tc = (struct tcphdr *)ip_next(pip);
@@ -297,7 +297,7 @@ AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
 				return;
 			}
 #ifdef DEBUG
-			fprintf(stderr
+			fprintf(stderr,
 			    "PacketAlias/Skinny: Received ipport message\n");
 #endif
 			port_mesg = (struct IpPortMessage *)&sd->msgId;