ip-packet: Fix "packet too short" error when parsing fragmented IPv4 packets
authorTobias Brunner <tobias@strongswan.org>
Fri, 1 Sep 2017 06:57:56 +0000 (08:57 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 18 Sep 2017 08:28:54 +0000 (10:28 +0200)
Only attempt to parse the transport header of an IPv4 packet if it's
not fragmented or the first fragment.

src/libipsec/ip_packet.c

index 78b4c40..61382a2 100644 (file)
@@ -55,6 +55,10 @@ struct ip6_hdr {
 #define HAVE_NETINET_IP6_H /* not really, but we only need the struct above */
 #endif
 
+#ifndef IP_OFFMASK
+#define IP_OFFMASK 0x1fff
+#endif
+
 /**
  * TCP header, defined here because platforms disagree regarding member names
  * and unfortunately Android does not define a variant with BSD names.
@@ -253,7 +257,8 @@ ip_packet_t *ip_packet_create(chunk_t packet)
                        /* remove any RFC 4303 TFC extra padding */
                        packet.len = min(packet.len, untoh16(&ip->ip_len));
                        payload = chunk_skip(packet, ip->ip_hl * 4);
-                       if (!parse_transport_header(payload, ip->ip_p, &sport, &dport))
+                       if ((ip->ip_off & htons(IP_OFFMASK)) == 0 &&
+                               !parse_transport_header(payload, ip->ip_p, &sport, &dport))
                        {
                                goto failed;
                        }
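Review bot: For a non-first fragment the new condition on the `if` skips parse_transport_header() entirely, so sport and dport keep whatever value they held before this point; their initialisation is outside the hunk, so please confirm they are zeroed rather than left uninitialised before being stored for the packet. A one-line comment would also help the next reader, since the check deliberately tests only the fragment offset and not the MF flag: `/* only the first fragment (offset 0) carries the transport header */`. A first fragment that is still too short for its transport header keeps failing with the same error, which is the safe outcome for tiny-fragment packets. ip_packet_create() starts and ends outside the hunk.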