always check for optlen overrun.

kame · Oct 29, 2001 · 30f01de · 30f01de
1 parent a87519f
commit 30f01de
Showing 1 changed file with 10 additions and 10 deletions.
diff --git a/kame/sys/netinet6/ah_core.c b/kame/sys/netinet6/ah_core.c
@@ -1,4 +1,4 @@
-/*	$KAME: ah_core.c,v 1.46 2001/10/29 04:37:05 k-sugyou Exp $	*/
+/*	$KAME: ah_core.c,v 1.47 2001/10/29 04:43:08 itojun Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -1606,18 +1606,18 @@ ah6_calccksum(m, ahdat, len, algo, sav)
 					goto fail;
 				}
 				optlen = optp[1] + 2;
+			}
 
-				if (optp[0] & IP6OPT_MUTABLE) {
-					if (optp + optlen > optend) {
-						error = EINVAL;
-						m_free(n);
-						n = NULL;
-						goto fail;
-					}
-					bzero(optp + 2, optlen - 2);
-				}
+			if (optp + optlen > optend) {
+				error = EINVAL;
+				m_free(n);
+				n = NULL;
+				goto fail;
 			}
 
+			if (optp[0] & IP6OPT_MUTABLE)
+				bzero(optp + 2, optlen - 2);
+
 			optp += optlen;
 		}