| -rw-r--r-- | sys/netinet/fil.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/sys/netinet/fil.c b/sys/netinet/fil.c
index 3a5444ade0b3..bb53f4970bb9 100644
--- a/sys/netinet/fil.c
+++ b/sys/netinet/fil.c
@@ -285,13 +285,19 @@ getports:
 }
- for (s = (u_char *)(ip + 1), hlen -= (int)sizeof(*ip); hlen; ) {
+ for (s = (u_char *)(ip + 1), hlen -= (int)sizeof(*ip); hlen > 0; ) {
 opt = *s;
 if (opt == '\0')
 break;
- ol = (opt == IPOPT_NOP) ? 1 : (int)*(s+1);
- if (opt > 1 && (ol < 2 || ol > hlen))
- break;
+ else if (opt == IPOPT_NOP)
+ ol = 1;
+ else {
+ if (hlen < 2)
+ break;
+ ol = (int)*(s + 1);
+ if (ol < 2 || ol > hlen)
+ break;
+ }
 for (i = 9, mv = 4; mv >= 0; ) {
 op = ipopts + i;
 if (opt == (u_char)op->ol_val) { |
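Review bot: The three `break` exits for a malformed option (`hlen < 2`, `ol < 2`, `ol > hlen`) end parsing silently, so as far as this hunk shows a packet with a truncated or bogus option length looks the same downstream as one whose options ended cleanly at end-of-list. If the enclosing function has a way to record a bad or short header for the rule engine, setting it on these paths would let a ruleset reject such packets instead of matching them against a partially built option mask. A short comment above `if (hlen < 2)` would also help the next reader, e.g. `/* the length octet at s[1] must lie inside the header before it is read */`. The loop body and the enclosing function continue outside the hunk, so any later handling of these cases is not visible here.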
