From b3cc46381d7ddcb163f93064e81207cbff348834 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 1 Sep 2017 08:57:56 +0200
Subject: [PATCH] ip-packet: Fix "packet too short" error when parsing fragmented IPv4 packets

Only attempt to parse the transport header of an IPv4 packet if it's not fragmented or the first fragment.
---
 src/libipsec/ip_packet.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c
index 78b4c407a..61382a2da 100644
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -55,6 +55,10 @@ struct ip6_hdr {
 #define HAVE_NETINET_IP6_H /* not really, but we only need the struct above */
 #endif

+#ifndef IP_OFFMASK
+#define IP_OFFMASK 0x1fff
+#endif
+
 /**
 * TCP header, defined here because platforms disagree regarding member names
 * and unfortunately Android does not define a variant with BSD names.
@@ -253,7 +257,8 @@ ip_packet_t *ip_packet_create(chunk_t packet)
 /* remove any RFC 4303 TFC extra padding */
 packet.len = min(packet.len, untoh16(&ip->ip_len));
 payload = chunk_skip(packet, ip->ip_hl * 4);
- if (!parse_transport_header(payload, ip->ip_p, &sport, &dport))
+ if ((ip->ip_off & htons(IP_OFFMASK)) == 0 &&
+ !parse_transport_header(payload, ip->ip_p, &sport, &dport))
 {
 goto failed;
 }
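Review bot: In the second hunk, fragments with a non-zero offset now pass through ip_packet_create() without `sport`/`dport` ever being written, and nothing at the new condition says which ports such a packet ends up carrying. The declarations are outside the hunk, so it should be confirmed that both start at 0. Any later code that matches packets against port-specific traffic selectors would then evaluate later fragments with those default ports, which deserves a comment above the `if`, e.g. `/* non-first fragments carry no transport header, ports keep their initial value */`. Separately, `ip_off` is read directly while `ip_len` two lines earlier goes through `untoh16()`, presumably to tolerate unaligned buffers; for consistency the test could be written `if ((untoh16(&ip->ip_off) & IP_OFFMASK) == 0 &&`. The enclosing function starts and ends outside the hunk.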