ref: f00ce5014803d75afc1f0f0513c30e9fa7bdb7a2
parent: df262de7dab758a3bf8bdd8aed8d30fe2c2dd285
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Dec 17 15:20:17 EST 2017
ip/tinc: handle single byte noop and end-of-option-list tcp options in clampmss()
--- a/sys/src/cmd/ip/tinc.c
+++ b/sys/src/cmd/ip/tinc.c
@@ -970,9 +970,20 @@
return;
if((e = p+(p[12]>>4)*4) > p+n)
return;
- for(h = p+TcpHdr; h+4 <= e && h[1] > 0; h += h[1])
+ for(h = p+TcpHdr; h < e;){+ switch(h[0]){+ case 0:
+ return;
+ case 1:
+ h++;
+ continue;
+ }
+ if(h[1] < 2 || h[1] > e - h)
+ return;
if(h[0] == 2 && h[1] == 4)
goto Found;
+ h += h[1];
+ }
return;
Found:
oldmss = h[2]<<8 | h[3];
--
⑨