summaryrefslogtreecommitdiff
path: root/src/libipsec/ip_packet.c
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2013-11-01 13:32:07 +0100
committerYves-Alexis Perez <corsac@debian.org>2013-11-01 13:32:07 +0100
commit5313d2d78ca150515f7f5eb39801c100690b6b29 (patch)
treec78e420367283bb1b16f14210b12687cdfbd26eb /src/libipsec/ip_packet.c
parent6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349 (diff)
downloadvyos-strongswan-5313d2d78ca150515f7f5eb39801c100690b6b29.tar.gz
vyos-strongswan-5313d2d78ca150515f7f5eb39801c100690b6b29.zip
Imported Upstream version 5.1.1
Diffstat (limited to 'src/libipsec/ip_packet.c')
-rw-r--r--src/libipsec/ip_packet.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c
index d08e09057..ede9d100a 100644
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -98,7 +98,7 @@ METHOD(ip_packet_t, get_next_header, u_int8_t,
METHOD(ip_packet_t, clone, ip_packet_t*,
private_ip_packet_t *this)
{
- return ip_packet_create(this->packet);
+ return ip_packet_create(chunk_clone(this->packet));
}
METHOD(ip_packet_t, destroy, void,
@@ -139,6 +139,9 @@ ip_packet_t *ip_packet_create(chunk_t packet)
goto failed;
}
ip = (struct ip*)packet.ptr;
+ /* remove any RFC 4303 TFC extra padding */
+ packet.len = min(packet.len, untoh16(&ip->ip_len));
+
src = host_create_from_chunk(AF_INET,
chunk_from_thing(ip->ip_src), 0);
dst = host_create_from_chunk(AF_INET,
@@ -157,6 +160,9 @@ ip_packet_t *ip_packet_create(chunk_t packet)
goto failed;
}
ip = (struct ip6_hdr*)packet.ptr;
+ /* remove any RFC 4303 TFC extra padding */
+ packet.len = min(packet.len, untoh16(&ip->ip6_plen));
+
src = host_create_from_chunk(AF_INET6,
chunk_from_thing(ip->ip6_src), 0);
dst = host_create_from_chunk(AF_INET6,
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-21 04:30:07 +0000