From 4e8c729f7fad78eaef465f0b49abc853c8bdd966 Mon Sep 17 00:00:00 2001
From: Joel Sherrill
Date: Fri, 20 May 2005 18:56:42 +0000
Subject: 2005-05-20 Eric Norum PR 793/networking * libnetworking/netinet/ip_icmp.c: Malicious ICMP packet causes panic. Just ignore it.
---
 cpukit/libnetworking/netinet/ip_icmp.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'cpukit/libnetworking/netinet')
diff --git a/cpukit/libnetworking/netinet/ip_icmp.c b/cpukit/libnetworking/netinet/ip_icmp.c
index ef3779c0cb..39020162b5 100644
--- a/cpukit/libnetworking/netinet/ip_icmp.c
+++ b/cpukit/libnetworking/netinet/ip_icmp.c
@@ -138,6 +138,10 @@ icmp_error(n, type, code, dest, destifp)
 /* Don't send error in response to a multicast or broadcast packet */
 if (n->m_flags & (M_BCAST|M_MCAST))
 goto freeit;
+ /* Don't send error in response to malicious packet */
+ icmplen = min(oiplen + 8, oip->ip_len);
+ if (icmplen < sizeof(struct ip))
+ goto freeit;
 /*
 * First, formulate icmp message
 */
@@ -147,9 +151,6 @@ icmp_error(n, type, code, dest, destifp)
 #ifdef MAC
 mac_create_mbuf_netlayer(n, m);
 #endif
- icmplen = min(oiplen + 8, oip->ip_len);
- if (icmplen < sizeof(struct ip))
- panic("icmp_error: bad length");
 m->m_len = icmplen + ICMP_MINLEN;
 MH_ALIGN(m, m->m_len);
 icp = mtod(m, struct icmp *);
--
cgit v1.2.3
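Review bot: The new `goto freeit` path drops the malformed packet with no trace, so a host receiving the packets that previously caused the panic gives an operator nothing to detect them by; consider incrementing a counter in the stack's ICMP statistics, or emitting a rate-limited log line, before the jump. The comment would also be more useful if it named the condition being tested, e.g. `/* Quoted length would be shorter than an IP header: drop instead of panicking (PR 793) */`. Because `sizeof` yields an unsigned value, `icmplen < sizeof(struct ip)` only catches small values if `icmplen` and `oip->ip_len` cannot be negative; their declarations are outside the hunk, so that is worth confirming. icmp_error begins before and continues after this hunk.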