From b4d29cbd6854ec4c2ca0f15ca9458853f534303e Mon Sep 17 00:00:00 2001
From: itojun <itojun@NetBSD.org>
Date: Thu, 3 Feb 2000 17:42:01 +0000
Subject: [PATCH] don't try to parse packets with short iphlen. From:
 tcpdump.org (bugtraq june 99)

---
 usr.sbin/tcpdump/print-ip.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/tcpdump/print-ip.c b/usr.sbin/tcpdump/print-ip.c
index d805e34f1f3a..05541fb9a910 100644
--- a/usr.sbin/tcpdump/print-ip.c
+++ b/usr.sbin/tcpdump/print-ip.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: print-ip.c,v 1.9 1999/08/26 14:52:04 itojun Exp $	*/
+/*	$NetBSD: print-ip.c,v 1.10 2000/02/03 17:42:01 itojun Exp $	*/
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -27,7 +27,7 @@
 static const char rcsid[] =
     "@(#) Header: print-ip.c,v 1.66 97/05/28 12:51:43 leres Exp  (LBL)";
 #else
-__RCSID("$NetBSD: print-ip.c,v 1.9 1999/08/26 14:52:04 itojun Exp $");
+__RCSID("$NetBSD: print-ip.c,v 1.10 2000/02/03 17:42:01 itojun Exp $");
 #endif
 #endif
 
@@ -384,6 +384,10 @@ ip_print(register const u_char *bp, register u_int length)
 		return;
 	}
 	hlen = ip->ip_hl * 4;
+	if (hlen < sizeof (struct ip)) {
+		(void)printf("bad-hlen %d", hlen);
+		return;
+	}
 
 	len = ntohs(ip->ip_len);
 	if (length < len)