diff options
author | Eugene Grosbein <eugen@FreeBSD.org> | 2020-02-12 00:31:00 +0000 |
---|---|---|
committer | Eugene Grosbein <eugen@FreeBSD.org> | 2020-02-12 00:31:00 +0000 |
commit | 49f384cb477bd32a4d1e85f0bf9fe7499f6b3e72 (patch) | |
tree | d165d172183374a09b3bd8437eb491feb7d26f0d /sys | |
parent | f976241773df2260e6170317080761d1c5814fe5 (diff) | |
download | src-49f384cb477bd32a4d1e85f0bf9fe7499f6b3e72.tar.gz src-49f384cb477bd32a4d1e85f0bf9fe7499f6b3e72.zip |
Notes
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netgraph/ng_nat.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/sys/netgraph/ng_nat.c b/sys/netgraph/ng_nat.c index f0784f43ddb8..4b6039d33654 100644 --- a/sys/netgraph/ng_nat.c +++ b/sys/netgraph/ng_nat.c @@ -806,11 +806,16 @@ ng_nat_rcvdata(hook_p hook, item_p item ) panic("Corrupted priv->dlt: %u", priv->dlt); } + if (m->m_pkthdr.len < ipofs + sizeof(struct ip)) + goto send; /* packet too short to hold IP */ + c = (char *)mtodo(m, ipofs); ip = (struct ip *)mtodo(m, ipofs); - KASSERT(m->m_pkthdr.len == ipofs + ntohs(ip->ip_len), - ("ng_nat: ip_len != m_pkthdr.len")); + if (ip->ip_v != IPVERSION) + goto send; /* other IP version, let it pass */ + if (m->m_pkthdr.len < ipofs + ntohs(ip->ip_len)) + goto send; /* packet too short (i.e. fragmented or broken) */ /* * We drop packet when: |