From: Christian Grothoff <christian@grothoff.org>
Date: Thu, 26 Jan 2012 16:11:25 +0000 (+0000)
Subject: -check tcp off value
X-Git-Tag: initial-import-from-subversion-38251~15062
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=0d2806354e0358c8df71b0d46283f6dbf0a1914f;p=oweals%2Fgnunet.git

-check tcp off value
---

diff --git a/src/vpn/gnunet-service-vpn.c b/src/vpn/gnunet-service-vpn.c
index 796a4a6e1..7b29cbbd4 100644
--- a/src/vpn/gnunet-service-vpn.c
+++ b/src/vpn/gnunet-service-vpn.c
@@ -895,6 +895,11 @@ route_packet (struct DestinationEntry *destination,
 	return;
       }
       udp = payload;
+      if (udp->len < sizeof (struct GNUNET_TUN_UdpHeader))
+      {
+	GNUNET_break_op (0);
+	return GNUNET_SYSERR;
+      }
       spt = ntohs (udp->spt);
       dpt = ntohs (udp->dpt);
       get_tunnel_key_from_ips (af,
@@ -915,6 +920,11 @@ route_packet (struct DestinationEntry *destination,
 	return;
       }
       tcp = payload;
+      if (tcp->off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
+      {
+	GNUNET_break_op (0);
+	return GNUNET_SYSERR;
+      }
       spt = ntohs (tcp->spt);
       dpt = ntohs (tcp->dpt);
       get_tunnel_key_from_ips (af,
@@ -2203,6 +2213,11 @@ receive_tcp_back (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
 		inet_ntop (ts->af, &ts->source_ip, dbuf, sizeof (dbuf)),
 		ts->source_port);
   }
+  if (data->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
   switch (ts->af)
   {
   case AF_INET: