From 6cc5b893d530f8cbf5e3f7b98d6e871693b006f2 Mon Sep 17 00:00:00 2001
From: ume <ume@FreeBSD.org>
Date: Wed, 9 Mar 2005 14:39:48 +0000
Subject: reported from VANHULLEBUS Yvan [remote kernel crash may result]

Submitted by:	itojun
Obtained from:	KAME
MFC after:	1 day
---
 sys/netinet6/ipsec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sys/netinet6')

diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c
index 960d96c..63e02d0 100644
--- a/sys/netinet6/ipsec.c
+++ b/sys/netinet6/ipsec.c
@@ -1007,7 +1007,7 @@ ipsec4_get_ulp(m, spidx, needport)
 			    uh.uh_dport;
 			return;
 		case IPPROTO_AH:
-			if (m->m_pkthdr.len > off + sizeof(ip6e))
+			if (off + sizeof(ip6e) > m->m_pkthdr.len)
 				return;
 			m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e);
 			off += (ip6e.ip6e_len + 2) << 2;
-- 
cgit v1.1