[src/trunk]: src/sys/netipsec iipsec4_get_ulp(): Fix a reversed test that wou...

[thorpej <thorpej%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/7f0fa9182e5a
branches:  trunk
changeset: 558904:7f0fa9182e5a
user:      thorpej <thorpej%NetBSD.org@localhost>
date:      Tue Mar 02 00:50:57 2004 +0000

description:
iipsec4_get_ulp(): Fix a reversed test that would have caused us to access
bogus IP header data if presented with a short mbuf.

diffstat:

 sys/netipsec/ipsec.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r 83dd4783cb6e -r 7f0fa9182e5a sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c      Tue Mar 02 00:35:54 2004 +0000
+++ b/sys/netipsec/ipsec.c      Tue Mar 02 00:50:57 2004 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec.c,v 1.7 2004/02/24 15:12:52 wiz Exp $    */
+/*     $NetBSD: ipsec.c,v 1.8 2004/03/02 00:50:57 thorpej Exp $        */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $       */
 /*     $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.7 2004/02/24 15:12:52 wiz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.8 2004/03/02 00:50:57 thorpej Exp $");
 
 /*
  * IPsec controller part.
@@ -667,7 +667,7 @@
                ("ipsec4_get_ulp: packet too short"));
 
        /* NB: ip_input() flips it into host endian XXX need more checking */
-       if (m->m_len < sizeof (struct ip)) {
+       if (m->m_len >= sizeof(struct ip)) {
                struct ip *ip = mtod(m, struct ip *);
                if (ip->ip_off & (IP_MF | IP_OFFMASK))
                        goto done;