This patch adds an additional length check to is_ipv4(). Currently is_ipv4() only checks whether the frame is large enough for struct openvpn_ethhdr. In case of an 802.1Q packet the function now also checks whether the frame is large enough for struct openvpn_8021qhdr, which is 4 bytes larger than struct openvpn_ethhdr.
---
 proto.c | 3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/proto.c b/proto.c
index 1f582ce..64486de 100644
--- a/proto.c
+++ b/proto.c
@@ -54,6 +54,9 @@ is_ipv4 (int tunnel_type, struct buffer *buf)
 return false;
 eh = (const struct openvpn_ethhdr *) BPTR (buf);
 if (ntohs (eh->proto) == OPENVPN_ETH_P_8021Q) {
+ if (BLEN (buf) < (int)(sizeof (struct openvpn_8021qhdr)
+ + sizeof (struct openvpn_iphdr)))
+ return false;
 const struct openvpn_8021qhdr *evh;
 evh = (const struct openvpn_8021qhdr *) BPTR (buf);
 if (ntohs (evh->proto) != OPENVPN_ETH_P_IPV4)
--
1.7.0
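Review bot: The added length check is placed ahead of `const struct openvpn_8021qhdr *evh;`, so the 802.1Q block now has a declaration after a statement, which C89 compilers reject and `-Wdeclaration-after-statement` flags. The check only has to run before the first `evh->proto` read, so it can move between the declaration and the `evh = (const struct openvpn_8021qhdr *) BPTR (buf);` assignment without weakening it. A short comment such as `/* 802.1Q header is 4 bytes longer than the Ethernet header; re-check before reading evh->proto */` would record why a second bounds check exists. The check covers only the fixed-size `struct openvpn_iphdr`; whether later code validates the IP header-length field against the remaining buffer is not visible here, since the body of is_ipv4 starts and ends outside the hunk.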