diff options
author | glebius <glebius@FreeBSD.org> | 2005-02-11 21:26:39 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2005-02-11 21:26:39 +0000 |
commit | 5801ece863be8ec6a9f785c3cb3d97c62499c7ea (patch) | |
tree | 5bcc6eb970515e6716382c86b9d512bac921249c /sys/netgraph | |
parent | 6ce8df8f98762bd02122e50bfd15d016a10b64a5 (diff) | |
download | FreeBSD-src-5801ece863be8ec6a9f785c3cb3d97c62499c7ea.zip FreeBSD-src-5801ece863be8ec6a9f785c3cb3d97c62499c7ea.tar.gz |
pullup to sizeof struct ip before sending to ip_output.
Suggested by: ru
Diffstat (limited to 'sys/netgraph')
-rw-r--r-- | sys/netgraph/ng_ipfw.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/netgraph/ng_ipfw.c b/sys/netgraph/ng_ipfw.c index e7325dc..2fab936 100644 --- a/sys/netgraph/ng_ipfw.c +++ b/sys/netgraph/ng_ipfw.c @@ -229,7 +229,13 @@ ng_ipfw_rcvdata(hook_p hook, item_p item) switch (ngit->dir) { case NG_IPFW_OUT: { - struct ip *ip = mtod(m, struct ip *); + struct ip *ip; + + if (m->m_len < sizeof (struct ip) && + (m = m_pullup(m, sizeof (struct ip))) == NULL) + return(EINVAL); + + ip = mtod(m, struct ip *); ip->ip_len = ntohs(ip->ip_len); ip->ip_off = ntohs(ip->ip_off); |