This would erroneously abort on some very short packets.
This is a DoS vulnerability, exposed to internal sites only.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
* SECURITY: Fixes to MTU and fragmentation handling.
* SECURITY: Correctly set "unused" ICMP header field.
* Do not send ICMP errors in response to unknown incoming ICMP.
+ * SECURITY: Fix IP length check not to crash on very short packets.
--
BUF_FREE(buf);
return;
}
- assert(buf->size >= (int)sizeof(struct icmphdr));
+ assert(buf->size >= (int)sizeof(struct iphdr));
iph=(struct iphdr *)buf->start;
source=ntohl(iph->saddr);