Include the size of IPCOMP header when checking for compression.

Problem found and anaylyzed by Romain Gabet, ok markus@
author: mpi <mpi@openbsd.org> 2018-09-13 12:29:43 +0000
committer: mpi <mpi@openbsd.org> 2018-09-13 12:29:43 +0000
commit: 4b5fa55e4bbeb587a2eaa52765a1e8e42ad82c87 (patch)
tree: 1086146834db219aa56a56d3ff9828a44d298c0f /sys/netinet/ip_ipcomp.c
parent: Noticed that the equal case is a bit wrong while adjusting the regress tests. (diff)
download: wireguard-openbsd-4b5fa55e4bbeb587a2eaa52765a1e8e42ad82c87.tar.xz
wireguard-openbsd-4b5fa55e4bbeb587a2eaa52765a1e8e42ad82c87.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c
index 7c3a10536f6..dac65a0344f 100644
--- a/sys/netinet/ip_ipcomp.c
+++ b/sys/netinet/ip_ipcomp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipcomp.c,v 1.65 2018/08/28 15:15:02 mpi Exp $ */
+/* $OpenBSD: ip_ipcomp.c,v 1.66 2018/09/13 12:29:43 mpi Exp $ */
 
 /*
  * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
@@ -503,7 +503,7 @@ ipcomp_output_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m,
 	rlen = ilen - skip;
 
 	/* Check sizes. */
-	if (rlen < olen) {
+	if (rlen <= olen + IPCOMP_HLENGTH) {
 		/* Compression was useless, we have lost time. */
 		ipcompstat_inc(ipcomps_minlen); /* misnomer, but like to count */
 		goto skiphdr;
author	mpi <mpi@openbsd.org>	2018-09-13 12:29:43 +0000
committer	mpi <mpi@openbsd.org>	2018-09-13 12:29:43 +0000
commit	4b5fa55e4bbeb587a2eaa52765a1e8e42ad82c87 (patch)
tree	1086146834db219aa56a56d3ff9828a44d298c0f /sys/netinet/ip_ipcomp.c
parent	Noticed that the equal case is a bit wrong while adjusting the regress tests. (diff)
download	wireguard-openbsd-4b5fa55e4bbeb587a2eaa52765a1e8e42ad82c87.tar.xz wireguard-openbsd-4b5fa55e4bbeb587a2eaa52765a1e8e42ad82c87.zip