Diffstat (limited to 'sys/netinet6/esp_input.c')
-rw-r--r--sys/netinet6/esp_input.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/netinet6/esp_input.c b/sys/netinet6/esp_input.c
index 1ad8dcd..b038f6c 100644
--- a/sys/netinet6/esp_input.c
+++ b/sys/netinet6/esp_input.c
@@ -217,6 +217,10 @@ esp4_input(m, off)
if (!sumalgo)
goto noreplaycheck;
siz = (((*sumalgo->sumsiz)(sav) + 3) & ~(4 - 1));
+ if (m->m_pkthdr.len < off + ESPMAXLEN + siz) {
+ ipsecstat.in_inval++;
+ goto bad;
+ }
if (AH_MAXSUMSIZE < siz) {
ipseclog((LOG_DEBUG,
"internal error: AH_MAXSUMSIZE must be larger than %lu\n",
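Review bot: The added length guard in esp4_input drops the packet with no comment and no log line, so nothing records why `off + ESPMAXLEN + siz` is the minimum acceptable length; the identical guard in the esp6_input hunk has the same gap. I would put `/* packet must be long enough to hold the ESP header and the siz-byte authenticator */` above the `if`, and consider an `ipseclog((LOG_WARNING, ...))` call before `goto bad`, in the way the AH_MAXSUMSIZE check just below reports at LOG_DEBUG. The comparison also mixes `m->m_pkthdr.len` with `siz`, which the `%lu` format below suggests is unsigned, so it presumably relies on `off` never being negative. That is worth confirming against the declarations, which are outside the hunk.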
@@ -572,6 +576,10 @@ esp6_input(mp, offp, proto)
if (!sumalgo)
goto noreplaycheck;
siz = (((*sumalgo->sumsiz)(sav) + 3) & ~(4 - 1));
+ if (m->m_pkthdr.len < off + ESPMAXLEN + siz) {
+ ipsecstat.in_inval++;
+ goto bad;
+ }
if (AH_MAXSUMSIZE < siz) {
ipseclog((LOG_DEBUG,
"internal error: AH_MAXSUMSIZE must be larger than %lu\n",
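Review bot: The guard added to esp6_input increments `ipsecstat.in_inval`, the same counter the esp4_input hunk uses, so short IPv6 ESP packets would be counted with the IPv4 statistics. If the rest of esp6_input accounts its drops in a separate IPv6 structure (KAME code normally uses `ipsec6stat`), this line should read `ipsec6stat.in_inval++;`. The function's other drop paths are outside the hunk, so check which counter they use before changing it.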