proxyarp: Relax frame length limit for RA and NA

Only the NS frames should be checked to be long enough to cover all the
fields used in the NS data structure. This allows shorter RA and NA
frames to be processed for multicast-to-unicast rules.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/ndisc_snoop.c b/src/ap/ndisc_snoop.c
index cfd90a2c60e0c7cdc054716ed982cd5212d18e58..b0d42dcd82c4912b63c9ccc1e35f659d38176105 100644 (file)
--- a/src/ap/ndisc_snoop.c
+++ b/src/ap/ndisc_snoop.c
@@ -91,11 +91,13 @@ static void handle_ndisc(void *ctx, const u8 *src_addr, const u8 *buf,
        int res;
        char addrtxt[INET6_ADDRSTRLEN + 1];
 
-       if (len < ETH_HLEN + sizeof(*msg))
+       if (len < ETH_HLEN + sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr))
                return;
        msg = (struct icmpv6_ndmsg *) &buf[ETH_HLEN];
        switch (msg->icmp6h.icmp6_type) {
        case NEIGHBOR_SOLICITATION:
+               if (len < ETH_HLEN + sizeof(*msg))
+                       return;
                if (msg->opt_type != SOURCE_LL_ADDR)
                        return;