X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Froute.c;h=e9e07f67263a2d39cbe468e06ae576ea516926f6;hp=16d932d33ca36041372014d0076cdce481114f01;hb=acbb9d6692614539260749c7b763eca5a6f81f07;hpb=6c5f3d8b74ffea1522a727ef189a5ba65a939e07

diff --git a/src/route.c b/src/route.c
index 16d932d3..e9e07f67 100644
--- a/src/route.c
+++ b/src/route.c
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: route.c,v 1.1.2.64 2003/08/28 21:05:11 guus Exp $
+    $Id: route.c,v 1.1.2.66 2003/10/01 09:14:01 guus Exp $
 */
 
 #include "system.h"
@@ -532,6 +532,11 @@ void route_outgoing(vpn_packet_t *packet)
 
 	cp();
 
+	if(packet->len < 14) {
+		ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet"));
+		return;
+	}
+
 	/* FIXME: multicast? */
 
 	switch (routing_mode) {
@@ -539,11 +544,21 @@ void route_outgoing(vpn_packet_t *packet)
 			type = ntohs(*((uint16_t *)(&packet->data[12])));
 			switch (type) {
 				case 0x0800:
+					if(packet->len < 34) {
+						ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet"));
+						return;
+					}
+
 					n = route_ipv4(packet);
 					break;
 
 				case 0x86DD:
-					if(packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] == ND_NEIGHBOR_SOLICIT) {
+					if(packet->len < 54) {
+						ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet"));
+						return;
+					}
+
+					if(packet->data[20] == IPPROTO_ICMPV6 && packet->len >= 62 && packet->data[54] == ND_NEIGHBOR_SOLICIT) {
 						route_neighborsol(packet);
 						return;
 					}
@@ -551,6 +566,11 @@ void route_outgoing(vpn_packet_t *packet)
 					break;
 
 				case 0x0806:
+					if(packet->len < 42) {
+						ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet"));
+						return;
+					}
+
 					route_arp(packet);
 					return;
 
@@ -578,6 +598,12 @@ void route_outgoing(vpn_packet_t *packet)
 
 void route_incoming(node_t *source, vpn_packet_t *packet)
 {
+	if(packet->len < 14) {
+		ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got too short packet from %s (%s)"),
+					source->name, source->hostname);
+		return;
+	}
+
 	switch (routing_mode) {
 		case RMODE_ROUTER:
 			{
@@ -587,10 +613,20 @@ void route_incoming(node_t *source, vpn_packet_t *packet)
 				type = ntohs(*((uint16_t *)(&packet->data[12])));
 				switch (type) {
 					case 0x0800:
+						if(packet->len < 34) {
+							ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet"));
+							return;
+						}
+
 						n = route_ipv4(packet);
 						break;
 
 					case 0x86DD:
+						if(packet->len < 54) {
+							ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet"));
+							return;
+						}
+
 						n = route_ipv6(packet);
 						break;