get_raw_packet: The read length check is stricter than necessary.

Allow reads with excess data beyond the packet to succeed if the
packet is still well-formed.
This commit is contained in:
Nicholas J. Kain 2015-02-14 01:40:06 -05:00
parent a7cb063f0c
commit 70c750f50c

View File

@ -195,7 +195,7 @@ static ssize_t get_raw_packet(struct client_state_t cs[static 1],
return -1; return -1;
} }
size_t iphdrlen = ntohs(packet.ip.tot_len); size_t iphdrlen = ntohs(packet.ip.tot_len);
if ((size_t)inc != iphdrlen) if ((size_t)inc < iphdrlen)
return -2; return -2;
if (!cs->using_dhcp_bpf && !get_raw_packet_validate_bpf(&packet)) if (!cs->using_dhcp_bpf && !get_raw_packet_validate_bpf(&packet))
return -2; return -2;