netlink: fix IP length check (SECURITY)

author Ian Jackson <ijackson@chiark.greenend.org.uk>

Sun, 13 Apr 2014 23:45:35 +0000 (00:45 +0100)

committer Ian Jackson <ijackson@chiark.greenend.org.uk>

Thu, 24 Apr 2014 01:32:45 +0000 (02:32 +0100)
author Ian Jackson <ijackson@chiark.greenend.org.uk>
Sun, 13 Apr 2014 23:45:35 +0000 (00:45 +0100)
committer Ian Jackson <ijackson@chiark.greenend.org.uk>
Thu, 24 Apr 2014 01:32:45 +0000 (02:32 +0100)
diff --git a/debian/changelog b/debian/changelog

index fe6caaeac517d982ee5994fe1b554c1bf9a50db2..46645f46732c547b86ad13f7508574e2b44cc410 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,7 @@ secnet (0.3.1~~unstable) unstable; urgency=low
    * SECURITY: Fixes to MTU and fragmentation handling.
    * SECURITY: Correctly set "unused" ICMP header field.
    * Do not send ICMP errors in response to unknown incoming ICMP.
+  * SECURITY: Fix IP length check not to crash on very short packets.
  
   --
  
diff --git a/netlink.c b/netlink.c

index 2c3d12d4302b00aea1a59d44dbdd3ca130a532fc..787f4eb7e3c3ef8263d67344bdf831ebfdc6744f 100644 (file)
--- a/netlink.c
+++ b/netlink.c
@@ -831,7 +831,7 @@ static void netlink_incoming(struct netlink *st, struct netlink_client *client,
         BUF_FREE(buf);
         return;
      }
-    assert(buf->size >= (int)sizeof(struct icmphdr));
+    assert(buf->size >= (int)sizeof(struct iphdr));
      iph=(struct iphdr *)buf->start;
  
      source=ntohl(iph->saddr);
author	Ian Jackson <ijackson@chiark.greenend.org.uk>
	Sun, 13 Apr 2014 23:45:35 +0000 (00:45 +0100)
committer	Ian Jackson <ijackson@chiark.greenend.org.uk>
	Thu, 24 Apr 2014 01:32:45 +0000 (02:32 +0100)
debian/changelog		patch \| blob \| history
netlink.c		patch \| blob \| history