diff options
Diffstat (limited to 'src/openvpn/mss.c')
| -rw-r--r-- | src/openvpn/mss.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 5b110d2..c36e004 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -16,10 +16,9 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifdef HAVE_CONFIG_H @@ -120,8 +119,12 @@ mss_fixup_ipv6(struct buffer *buf, int maxmss) return; } + /* skip IPv6 header (40 bytes), + * verify remainder is large enough to contain a full TCP header + */ newbuf = *buf; - if (buf_advance( &newbuf, 40 ) ) + if (buf_advance( &newbuf, 40 ) + && BLEN(&newbuf) >= (int) sizeof(struct openvpn_tcphdr)) { struct openvpn_tcphdr *tc = (struct openvpn_tcphdr *) BPTR(&newbuf); if (tc->flags & OPENVPN_TCPH_SYN_MASK) @@ -145,7 +148,10 @@ mss_fixup_dowork(struct buffer *buf, uint16_t maxmss) int accumulate; struct openvpn_tcphdr *tc; - ASSERT(BLEN(buf) >= (int) sizeof(struct openvpn_tcphdr)); + if (BLEN(buf) < (int) sizeof(struct openvpn_tcphdr)) + { + return; + } verify_align_4(buf); tc = (struct openvpn_tcphdr *) BPTR(buf); @@ -160,8 +166,9 @@ mss_fixup_dowork(struct buffer *buf, uint16_t maxmss) for (olen = hlen - sizeof(struct openvpn_tcphdr), opt = (uint8_t *)(tc + 1); - olen > 0; - olen -= optlen, opt += optlen) { + olen > 1; + olen -= optlen, opt += optlen) + { if (*opt == OPENVPN_TCPOPT_EOL) { break; |