+++ /dev/null
-diff -up openssh-5.2p1/canohost.c.ip-opts openssh-5.2p1/canohost.c
---- openssh-5.2p1/canohost.c.ip-opts 2009-02-14 06:28:21.000000000 +0100
-+++ openssh-5.2p1/canohost.c 2009-09-01 15:31:29.000000000 +0200
-@@ -169,12 +169,27 @@ check_ip_options(int sock, char *ipaddr)
- option_size = sizeof(options);
- if (getsockopt(sock, ipproto, IP_OPTIONS, options,
- &option_size) >= 0 && option_size != 0) {
-- text[0] = '\0';
-- for (i = 0; i < option_size; i++)
-- snprintf(text + i*3, sizeof(text) - i*3,
-- " %2.2x", options[i]);
-- fatal("Connection from %.100s with IP options:%.800s",
-- ipaddr, text);
-+ i = 0;
-+ do {
-+ switch (options[i]) {
-+ case 0:
-+ case 1:
-+ ++i;
-+ break;
-+ case 131:
-+ case 137:
-+ /* Fail, fatally, if we detect either loose or strict
-+ * source routing options. */
-+ text[0] = '\0';
-+ for (i = 0; i < option_size; i++)
-+ snprintf(text + i*3, sizeof(text) - i*3,
-+ " %2.2x", options[i]);
-+ fatal("Connection from %.100s with IP options:%.800s",
-+ ipaddr, text);
-+ default:
-+ i += options[i + 1];
-+ }
-+ } while (i < option_size);
- }
- #endif /* IP_OPTIONS */
- }