diff options
author | gVisor bot <gvisor-bot@google.com> | 2021-10-26 22:28:13 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-10-26 22:28:13 +0000 |
commit | 1295a9562a49567c519b5115afd836297a0a73f0 (patch) | |
tree | 1682408c6e1598cf86dcad9e34b20bf72a6deca0 /pkg | |
parent | 246328eab4e1c92701d4d8ad72823a3ccfac1dbd (diff) | |
parent | f54a25c1f03e705f2fb65be7389ddeb37bc5e64e (diff) |
Merge release-20211019.0-43-gf54a25c1f (automated)
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/tcpip/network/ipv4/icmp.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/tcpip/network/ipv4/icmp.go b/pkg/tcpip/network/ipv4/icmp.go index 3eff0bbd8..59acbad02 100644 --- a/pkg/tcpip/network/ipv4/icmp.go +++ b/pkg/tcpip/network/ipv4/icmp.go @@ -572,6 +572,10 @@ func (p *protocol) returnError(reason icmpReason, pkt *stack.PacketBuffer) tcpip // if problems arise this could be reversed. It was judged less of a breach // of protocol to not respond to unknown non-error packets than to respond // to unknown error packets so we take the first approach. + if len(transportHeader) < header.ICMPv4MinimumSize { + // The packet is malformed. + return nil + } switch header.ICMPv4(transportHeader).Type() { case header.ICMPv4EchoReply, |