MEDIUM: netscaler: do not analyze original IP packet size

Original informations about the client are stored in the CIP encapsulated
IP header, hence there is no need to consider original IP packet length
to determine if data are missing. Instead this change detect missing
data if the remaining buffer is large enough to contain a minimal IP and
TCP header and if the buffer has as much data as CIP is telling.

diff --git a/src/connection.c b/src/connection.c
index 8d2fb77bedeb05731b232af5b1a652a01c2e6b27..58bf4a5f85f54bbae249fc6e2affd820d31e8324 100644 (file)
--- a/src/connection.c
+++ b/src/connection.c
@@ -763,7 +763,7 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 
                hdr_ip4 = (struct ip *)line;
 
-               if (trash.len < (ntohs(hdr_ip4->ip_len) + 20)) {
+               if (trash.len < 40 || trash.len < hdr_len) {
                        /* Fail if buffer length is not large enough to contain
                         * IPv4 header, TCP header */
                        goto missing;
@@ -793,7 +793,7 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 
                hdr_ip6 = (struct ip6_hdr *)line;
 
-               if (trash.len < 60) {
+               if (trash.len < 60 || trash.len < hdr_len) {
                        /* Fail if buffer length is not large enough to contain
                         * IPv6 header, TCP header */
                        goto missing;