From 8119d9e9e646bc1c83b8d7d2cf14fef175ceca13 Mon Sep 17 00:00:00 2001
From: claudio <claudio@openbsd.org>
Date: Sun, 6 May 2007 09:51:33 +0000
Subject: Fix the out of bounds check when parsing IPv6 headers. Fixes a
 SIGSEGV when parsing IPv6 headers with unknown or corrupted header options.
 OK henning@ mcbride@

---
 usr.sbin/tcpdump/print-ip6.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr.sbin/tcpdump/print-ip6.c')

diff --git a/usr.sbin/tcpdump/print-ip6.c b/usr.sbin/tcpdump/print-ip6.c
index d7465fba090..fa343a1fe69 100644
--- a/usr.sbin/tcpdump/print-ip6.c
+++ b/usr.sbin/tcpdump/print-ip6.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: print-ip6.c,v 1.7 2006/09/19 14:25:04 naddy Exp $	*/
+/*	$OpenBSD: print-ip6.c,v 1.8 2007/05/06 09:51:33 claudio Exp $	*/
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994
@@ -113,7 +113,7 @@ ip6_print(register const u_char *bp, register int length)
 
 	cp = (const u_char *)ip6;
 	nh = ip6->ip6_nxt;
-	while (cp < snapend) {
+	while (cp + hlen < snapend) {
 		cp += hlen;
 
 		if (cp == (u_char *)(ip6 + 1) &&
-- 
cgit v1.2.3-59-g8ed1b