From 40f8cb7717abff1f4480b170979d585ffa5f37c1 Mon Sep 17 00:00:00 2001
From: kris <kris@FreeBSD.org>
Date: Tue, 20 Feb 2001 03:25:50 +0000
Subject: Correct IPv4 option processing.

Submitted by:	itojun
Obtained from:	KAME
---
 sys/netinet6/ah_output.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'sys/netinet6/ah_output.c')

diff --git a/sys/netinet6/ah_output.c b/sys/netinet6/ah_output.c
index 477c589..df9f4d5 100644
--- a/sys/netinet6/ah_output.c
+++ b/sys/netinet6/ah_output.c
@@ -521,6 +521,15 @@ ah4_finaldst(m)
 	q = (u_char *)(ip + 1);
 	i = 0;
 	while (i < optlen) {
+		if (i + IPOPT_OPTVAL >= optlen)
+			return NULL;
+		if (q[i + IPOPT_OPTVAL] == IPOPT_EOL ||
+		    q[i + IPOPT_OPTVAL] == IPOPT_NOP ||
+		    i + IPOPT_OLEN < optlen)
+			;
+		else
+			return NULL;
+
 		switch (q[i + IPOPT_OPTVAL]) {
 		case IPOPT_EOL:
 			i = optlen;	/* bye */
-- 
cgit v1.1