summaryrefslogtreecommitdiff
path: root/src/libipsec/ip_packet.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libipsec/ip_packet.c')
-rw-r--r--src/libipsec/ip_packet.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c
index d08e09057..ede9d100a 100644
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -98,7 +98,7 @@ METHOD(ip_packet_t, get_next_header, u_int8_t,
METHOD(ip_packet_t, clone, ip_packet_t*,
private_ip_packet_t *this)
{
- return ip_packet_create(this->packet);
+ return ip_packet_create(chunk_clone(this->packet));
}
METHOD(ip_packet_t, destroy, void,
@@ -139,6 +139,9 @@ ip_packet_t *ip_packet_create(chunk_t packet)
goto failed;
}
ip = (struct ip*)packet.ptr;
+ /* remove any RFC 4303 TFC extra padding */
+ packet.len = min(packet.len, untoh16(&ip->ip_len));
+
src = host_create_from_chunk(AF_INET,
chunk_from_thing(ip->ip_src), 0);
dst = host_create_from_chunk(AF_INET,
@@ -157,6 +160,9 @@ ip_packet_t *ip_packet_create(chunk_t packet)
goto failed;
}
ip = (struct ip6_hdr*)packet.ptr;
+ /* remove any RFC 4303 TFC extra padding */
+ packet.len = min(packet.len, untoh16(&ip->ip6_plen));
+
src = host_create_from_chunk(AF_INET6,
chunk_from_thing(ip->ip6_src), 0);
dst = host_create_from_chunk(AF_INET6,
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-14 05:14:33 +0000