diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index dea40816e30..53f74271e26 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -8462,6 +8462,9 @@ pf_multihome_scan(int start, int len, struct pf_pdesc *pd, int op)
 NULL, pd->af))
 return (PF_DROP);
+ if (ntohs(ah.ph.param_length) < sizeof(ah))
+ return (PF_DROP);
+
 ret = pf_multihome_scan(start + off + sizeof(ah),
 ntohs(ah.ph.param_length) - sizeof(ah), pd,
 SCTP_ADD_IP_ADDRESS);
@@ -8476,6 +8479,10 @@ pf_multihome_scan(int start, int len, struct pf_pdesc *pd, int op)
 if (!pf_pull_hdr(pd->m, start + off, &ah, sizeof(ah),
 NULL, pd->af))
 return (PF_DROP);
+
+ if (ntohs(ah.ph.param_length) < sizeof(ah))
+ return (PF_DROP);
+
 ret = pf_multihome_scan(start + off + sizeof(ah),
 ntohs(ah.ph.param_length) - sizeof(ah), pd,
 SCTP_DEL_IP_ADDRESS);
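Review bot: The new guard in the SCTP_ADD_IP_ADDRESS branch enforces only a lower bound on `param_length`; nothing visible in the hunk compares it with the bytes left in the enclosing scan, so the nested `pf_multihome_scan()` call can still be given a length that extends past the caller's `len`. If `off` is the offset inside those `len` bytes, as its use in `start + off` suggests, the condition could become `if (ntohs(ah.ph.param_length) < sizeof(ah) || ntohs(ah.ph.param_length) > (size_t)(len - off))`; the loop that maintains `off` is outside the hunk, so this needs confirming there. The same applies to the identical check added in the SCTP_DEL_IP_ADDRESS branch in the second hunk. A one-line comment above each guard, such as `/* param_length includes the header; a smaller value would wrap the unsigned subtraction below */`, would record why the check exists.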