aboutsummaryrefslogtreecommitdiff
path: root/sys/netipsec
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netipsec')
-rw-r--r--sys/netipsec/xform_ah.c14
-rw-r--r--sys/netipsec/xform_esp.c14
2 files changed, 16 insertions, 12 deletions
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 2215d4f1c408..2ed9683a0572 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -575,12 +575,14 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
/* Figure out header size. */
rplen = HDRSIZE(sav);
- m = m_pullup(m, skip + rplen);
- if (m == NULL) {
- DPRINTF(("ah_input: cannot pullup header\n"));
- AHSTAT_INC(ahs_hdrops); /*XXX*/
- error = ENOBUFS;
- goto bad;
+ if (m->m_len < skip + rplen) {
+ m = m_pullup(m, skip + rplen);
+ if (m == NULL) {
+ DPRINTF(("ah_input: cannot pullup header\n"));
+ AHSTAT_INC(ahs_hdrops); /*XXX*/
+ error = ENOBUFS;
+ goto bad;
+ }
}
ah = (struct newah *)(mtod(m, caddr_t) + skip);
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index 918d98b6af22..235d87ae1d98 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -308,12 +308,14 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
goto bad;
}
- m = m_pullup(m, skip + sizeof(*esp));
- if (m == NULL) {
- DPRINTF(("%s: cannot pullup header\n", __func__));
- ESPSTAT_INC(esps_hdrops); /*XXX*/
- error = ENOBUFS;
- goto bad;
+ if (m->m_len < skip + sizeof(*esp)) {
+ m = m_pullup(m, skip + sizeof(*esp));
+ if (m == NULL) {
+ DPRINTF(("%s: cannot pullup header\n", __func__));
+ ESPSTAT_INC(esps_hdrops); /*XXX*/
+ error = ENOBUFS;
+ goto bad;
+ }
}
esp = (struct newesp *)(mtod(m, caddr_t) + skip);