From: bluhm Date: Thu, 21 Aug 2008 23:05:30 +0000 (+0000) Subject: Assign the ip and ip6 pointers in ipsp_process_packet() only if a X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=bf3ff4f4d19067613f9b6d6a194ecbabe617696d;p=openbsd Assign the ip and ip6 pointers in ipsp_process_packet() only if a header of the matching address family is available. Especially do not read ip->ip_off from an IPv6 packet header. ok markus
---
diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c
index 6ac50774761..9f993c073be 100644
--- a/sys/netinet/ipsec_output.c
+++ b/sys/netinet/ipsec_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_output.c,v 1.39 2007/06/01 00:52:38 henning Exp $ */
+/* $OpenBSD: ipsec_output.c,v 1.40 2008/08/21 23:05:30 bluhm Exp $ */
 /*
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
 *
@@ -185,17 +185,20 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
 }
 #ifdef INET
- ip = mtod(m, struct ip *);
+ if (af == AF_INET) {
+ ip = mtod(m, struct ip *);
- /*
- * This is not a bridge packet, remember if we
- * had IP_DF.
- */
- setdf = ip->ip_off & htons(IP_DF);
+ /*
+ * This is not a bridge packet, remember if we
+ * had IP_DF.
+ */
+ setdf = ip->ip_off & htons(IP_DF);
+ }
 #endif /* INET */
 #ifdef INET6
- ip6 = mtod(m, struct ip6_hdr *);
+ if (af == AF_INET6)
+ ip6 = mtod(m, struct ip6_hdr *);
 #endif /* INET6 */
 }
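Review bot: With both assignments now conditional in the second hunk, `ip`, `ip6` and `setdf` keep whatever value they had before this block whenever `af` does not match, so every later use has to sit behind the same `af` test or the variables need a defined starting value. Their declarations and later uses are outside the hunk, so this has to be confirmed there; if they are not initialised, starting them as `ip = NULL`, `ip6 = NULL` and `setdf = 0` would turn a read through a stale pointer into a clean fault and keep the DF decision deterministic for IPv6. A one-line comment above the block, `/* ip is valid only for AF_INET, ip6 only for AF_INET6 */`, would record the invariant this commit introduces. mtod() is only a cast of the mbuf data pointer, so the length check that makes the header safe to read is presumably done earlier in ipsp_process_packet(), which starts and ends outside the hunk.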