From d94fab6e66bc1f43b12c01759d3baaca6e0df5d2 Mon Sep 17 00:00:00 2001
From: jlemon <jlemon@FreeBSD.org>
Date: Fri, 2 Jun 2000 20:18:38 +0000
Subject: Add boundary checks against IP options.

Obtained from:	OpenBSD
---
 sys/netinet/ip_icmp.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'sys/netinet/ip_icmp.c')

diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index c4ea24c..58a4915 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -654,8 +654,11 @@ icmp_reflect(m)
 			    if (opt == IPOPT_NOP)
 				    len = 1;
 			    else {
+				    if (cnt < IPOPT_OLEN + sizeof(*cp))
+					    break;
 				    len = cp[IPOPT_OLEN];
-				    if (len <= 0 || len > cnt)
+				    if (len < IPOPT_OLEN + sizeof(*cp) ||
+				        len > cnt)
 					    break;
 			    }
 			    /*
-- 
cgit v1.1