From: mpi <mpi@openbsd.org>
Date: Thu, 13 Sep 2018 12:29:43 +0000 (+0000)
Subject: Include the size of IPCOMP header when checking for compression.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=4b5fa55e4bbeb587a2eaa52765a1e8e42ad82c87;p=openbsd

Include the size of IPCOMP header when checking for compression.

Problem found and anaylyzed by Romain Gabet, ok markus@
---

diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c
index 7c3a10536f6..dac65a0344f 100644
--- a/sys/netinet/ip_ipcomp.c
+++ b/sys/netinet/ip_ipcomp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipcomp.c,v 1.65 2018/08/28 15:15:02 mpi Exp $ */
+/* $OpenBSD: ip_ipcomp.c,v 1.66 2018/09/13 12:29:43 mpi Exp $ */
 
 /*
  * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
@@ -503,7 +503,7 @@ ipcomp_output_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m,
 	rlen = ilen - skip;
 
 	/* Check sizes. */
-	if (rlen < olen) {
+	if (rlen <= olen + IPCOMP_HLENGTH) {
 		/* Compression was useless, we have lost time. */
 		ipcompstat_inc(ipcomps_minlen); /* misnomer, but like to count */
 		goto skiphdr;