/* See: RFC 1108 */
case IPV4_OPT_SEC:
case IPV4_OPT_ESEC:
- if (o->len != IPV4_OPT_SEC_LEN) {
+ if (unlikely(o->len < IPV4_OPT_SEC_MIN)) {
ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_INVALID_LEN);
return -1;
}
/** \test IPV4 with SEC option (invalid length). */
static int DecodeIPV4OptionsSECTest02(void)
{
- uint8_t raw_opts[] = {
- IPV4_OPT_SEC, 0x0a, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- };
+ uint8_t raw_opts[] = { IPV4_OPT_SEC, 0x02, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00 };
Packet *p = PacketGetFromAlloc();
FAIL_IF(unlikely(p == NULL));
#define IPV4_OPT_RTRALT 0x94 /**< Option: Router Alert */
/** IP Option Lengths (fixed) */
-#define IPV4_OPT_SEC_LEN 11 /**< SEC Option Fixed Length */
#define IPV4_OPT_SID_LEN 4 /**< SID Option Fixed Length */
#define IPV4_OPT_RTRALT_LEN 4 /**< RTRALT Option Fixed Length */
/** IP Option Lengths (variable) */
+#define IPV4_OPT_SEC_MIN 3 /**< SEC, ESEC Option Min Length */
#define IPV4_OPT_ROUTE_MIN 3 /**< RR, SRR, LTRR Option Min Length */
#define IPV4_OPT_QS_MIN 8 /**< QS Option Min Length */
#define IPV4_OPT_TS_MIN 5 /**< TS Option Min Length */
projects / thirdparty / suricata.git / commitdiff
