net/packet: fix panic on invalid IHL field.

Signed-off-by: David Anderson <danderson@tailscale.com>
2025-12-03 02:21:58 +00:00 · 2020-11-10 19:10:11 -08:00
parent 22bf48f37c
commit 9ef39af2f2
2 changed files with 29 additions and 1 deletions
--- a/net/packet/packet.go
+++ b/net/packet/packet.go
@@ -165,6 +165,11 @@ func (q *Parsed) decode4(b []byte) {
 	q.DstIP4 = IP4(binary.BigEndian.Uint32(b[16:20]))

 	q.subofs = int((b[0] & 0x0F) << 2)
+	if q.subofs > q.length {
+		// next-proto starts beyond end of packet.
+		q.IPProto = Unknown
+		return
+	}
 	sub := b[q.subofs:]

 	// We don't care much about IP fragmentation, except insofar as it's