The current code looks buggy: we zero ti_i, yet we access
ti_dst/ti_src later.

Signed-off-by: Tao Wu <lep...@google.com>
---
 slirp/tcp_subr.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index dc8b4bbb50..da0d53743f 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -148,7 +148,16 @@ tcp_respond(struct tcpcb *tp, struct tcpiphdr *ti, struct mbuf *m,
                m->m_data += IF_MAXLINKHDR;
                *mtod(m, struct tcpiphdr *) = *ti;
                ti = mtod(m, struct tcpiphdr *);
-               memset(&ti->ti, 0, sizeof(ti->ti));
+               switch (af) {
+               case AF_INET:
+                   ti->ti.ti_i4.ih_x1 = 0;
+                   break;
+               case AF_INET6:
+                   ti->ti.ti_i6.ih_x1 = 0;
+                   break;
+               default:
+                   g_assert_not_reached();
+               }
                flags = TH_ACK;
        } else {
                /*
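Review bot: The narrowed clear in the `switch (af)` leaves every other byte of `ti->ti` exactly as copied from `*ti` by the assignment two lines earlier, where the old `memset` put the whole union into a known state, and nothing in the hunk records which of those bytes the caller must have initialised. If the code after the hunk checksums or transmits this header (not visible here), any union bytes outside the active variant would carry whatever the caller's header held, so it is worth confirming that every caller reaching this branch passes a fully initialised `struct tcpiphdr`. A short comment above the switch would record the intent, for example `/* Clear only the unused ih_x1 byte; ti_src/ti_dst copied from *ti are read below. */`. The `default:` arm ends the process through `g_assert_not_reached()`, which is acceptable only if `af` can never be derived from guest-supplied data; that cannot be checked from the hunk. tcp_respond starts and ends outside the hunk.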
-- 
2.15.0.448.gf294e3d99a-goog

