flow: Verify that tot_len >= ip_len in miniflow_extract().

[cascardo/ovs.git] / lib / flow.c

diff --git a/lib/flow.c b/lib/flow.c
index 51f6819..5775127 100644 (file)
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -582,7 +582,7 @@ miniflow_extract(struct dp_packet *packet, struct miniflow *dst)
             goto out;
         }
         tot_len = ntohs(nh->ip_tot_len);
-        if (OVS_UNLIKELY(tot_len > size)) {
+        if (OVS_UNLIKELY(tot_len > size || ip_len > tot_len)) {
             goto out;
         }
         if (OVS_UNLIKELY(size - tot_len > UINT8_MAX)) {