* This version is used under SunOS 4.x, DEC Alpha OSF/1, AIX 4.x,
* and SVR4 systems including Solaris 2.
*
- * $Id: vjcompress.c,v 1.1 1995/12/18 03:30:20 paulus Exp $
+ * $Id: vjcompress.c,v 1.2 1996/05/24 07:04:06 paulus Exp $
*/
#include <sys/types.h>
register struct ip *ip;
ip = (struct ip *) buf;
- if (ip->ip_p >= MAX_STATES) {
+ hlen = getip_hl(*ip) << 2;
+ if (ip->ip_p >= MAX_STATES
+ || hlen + sizeof(struct tcphdr) > buflen
+ || (hlen += getth_off(*((struct tcphdr *)&((char *)ip)[hlen])) << 2)
+ > buflen
+ || hlen > MAX_HDR) {
comp->flags |= VJF_TOSS;
INCR(vjs_errorin);
return (0);
cs = &comp->rstate[comp->last_recv = ip->ip_p];
comp->flags &=~ VJF_TOSS;
ip->ip_p = IPPROTO_TCP;
- hlen = getip_hl(*ip);
- hlen += getth_off(*((struct tcphdr *)&((int *)ip)[hlen]));
- hlen <<= 2;
BCOPY(ip, &cs->cs_ip, hlen);
cs->cs_hlen = hlen;
INCR(vjs_uncompressedin);