From: Victor Julien Date: Wed, 18 Sep 2019 11:26:23 +0000 (+0200) Subject: decode/ipv4: fix ts opt flags decoding X-Git-Tag: suricata-5.0.0-rc1~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ca83ca4896bbb07fff0ff8225f37a93b08c3374;p=thirdparty%2Fsuricata.git decode/ipv4: fix ts opt flags decoding Field is at data+1 offset, not +3. Also makes sure we always stay within checked data bounds. Reported-by: Sirko Höer -- Code Intelligence for DCSO. Bug #3176. --- diff --git a/src/decode-ipv4.c b/src/decode-ipv4.c index 8a0bee951c..0832b9de56 100644 --- a/src/decode-ipv4.c +++ b/src/decode-ipv4.c @@ -159,7 +159,7 @@ static int IPV4OptValidateTimestamp(Packet *p, const IPV4Opt *o) ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED); return -1; } - flag = *(o->data + 3) & 0x00ff; + flag = *(o->data + 1) & 0x0f; /* A flag of 1|3 means we have both the ip+ts in each record */ rec_size = ((flag == 1) || (flag == 3)) ? 8 : 4;