Page MenuHomeFreeBSD
Files F151719215

D23091.id66587.diff
No OneTemporary
Actions

D23091.id66587.diff
View Options

Index: sys/netgraph/ng_nat.c
===================================================================
--- sys/netgraph/ng_nat.c
+++ sys/netgraph/ng_nat.c
@@ -807,11 +807,16 @@
panic("Corrupted priv->dlt: %u", priv->dlt);
}
+ if (m->m_pkthdr.len < ipofs + sizeof(struct ip))
+ goto send; /* packet too short to hold IP */
+
c = (char *)mtodo(m, ipofs);
ip = (struct ip *)mtodo(m, ipofs);
- KASSERT(m->m_pkthdr.len == ipofs + ntohs(ip->ip_len),
- ("ng_nat: ip_len != m_pkthdr.len"));
+ if (ip->ip_v != IPVERSION)
+ goto send; /* other IP version, let it pass */
+ if (m->m_pkthdr.len < ipofs + ntohs(ip->ip_len))
+ goto send; /* packet too short (i.e. fragmented or broken) */
/*
* We drop packet when:

File Metadata

Mime Type
text/plain
Expires
Sat, Apr 11, 6:16 AM (10 h, 5 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
31272777
Default Alt Text
D23091.id66587.diff (726 B)

Event Timeline