From fe445367bda6da335eddd6d320b48e01493af94d Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Wed, 16 Dec 2015 10:45:05 +0100
Subject: [PATCH] icmpv4: improve dest unreachable logic

When a ICMPv4 destination unreachable packet contains an embedded packet
this packet is parsed. When it's found to be invalid, the whole ICMP
packet is tagged as invalid.

In some cases the unreachable packet would still be used.

This patch fixes this by checking the packet is invalid flag as well
in the ICMPV4_DEST_UNREACH_IS_VALID macro.
---
 src/decode-icmpv4.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/decode-icmpv4.h b/src/decode-icmpv4.h
index f8cb97f4f0..02184dfd34 100644
--- a/src/decode-icmpv4.h
+++ b/src/decode-icmpv4.h
@@ -259,7 +259,9 @@ typedef struct ICMPV4Vars_
  *
  *  \warning use only _after_ the decoder has processed the packet
  */
-#define ICMPV4_DEST_UNREACH_IS_VALID(p) (((p)->icmpv4h != NULL) && \
+#define ICMPV4_DEST_UNREACH_IS_VALID(p) ( \
+    (!((p)->flags & PKT_IS_INVALID)) && \
+    ((p)->icmpv4h != NULL) && \
     (ICMPV4_GET_TYPE((p)) == ICMP_DEST_UNREACH) && \
     (ICMPV4_GET_EMB_IPV4((p)) != NULL) && \
     ((ICMPV4_GET_EMB_TCP((p)) != NULL) || \
-- 
2.47.2