Add boundary checks against IP options.

Obtained from: OpenBSD
author: jlemon <jlemon@FreeBSD.org> 2000-06-02 20:18:38 +0000
committer: jlemon <jlemon@FreeBSD.org> 2000-06-02 20:18:38 +0000
commit: d94fab6e66bc1f43b12c01759d3baaca6e0df5d2 (patch)
tree: 9ecbf7d7d025e2c48fe1d6759185766c04e0625c /sys/netinet/ip_output.c
parent: 7c8d1a02ff40df8fde524b8406ff5a51ae21e223 (diff)
download: FreeBSD-src-d94fab6e66bc1f43b12c01759d3baaca6e0df5d2.zip
FreeBSD-src-d94fab6e66bc1f43b12c01759d3baaca6e0df5d2.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 8faed58..2536b63 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1382,8 +1382,10 @@ ip_pcbopts(optname, pcbopt, m)
 		if (opt == IPOPT_NOP)
 			optlen = 1;
 		else {
+			if (cnt < IPOPT_OLEN + sizeof(*cp))
+				goto bad;
 			optlen = cp[IPOPT_OLEN];
-			if (optlen <= IPOPT_OLEN || optlen > cnt)
+			if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt)
 				goto bad;
 		}
 		switch (opt) {
author	jlemon <jlemon@FreeBSD.org>	2000-06-02 20:18:38 +0000
committer	jlemon <jlemon@FreeBSD.org>	2000-06-02 20:18:38 +0000
commit	d94fab6e66bc1f43b12c01759d3baaca6e0df5d2 (patch)
tree	9ecbf7d7d025e2c48fe1d6759185766c04e0625c /sys/netinet/ip_output.c
parent	7c8d1a02ff40df8fde524b8406ff5a51ae21e223 (diff)
download	FreeBSD-src-d94fab6e66bc1f43b12c01759d3baaca6e0df5d2.zip FreeBSD-src-d94fab6e66bc1f43b12c01759d3baaca6e0df5d2.tar.gz