From 8d5434ef2dd8f9f5e5538a171d73434632fa012d Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Mon, 11 Mar 2013 10:54:51 -0500
Subject: [PATCH] Fix large memory allocation in IP fragment reassembly. Addresses #961. Patch by jbaines modified slightly to return earlier so that the problem packet can't cause any state change in the FragReassembler.
---
 src/Frag.cc | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/Frag.cc b/src/Frag.cc
index d873f5bc0c..4b9047d072 100644
--- a/src/Frag.cc
+++ b/src/Frag.cc
@@ -100,6 +100,13 @@ void FragReassembler::AddFragment(double t, const IP_Hdr* ip, const u_char* pkt)
 int offset = ip->FragOffset();
 int len = ip->TotalLen();
 int hdr_len = ip->HdrLen();
+
+ if ( len < hdr_len )
+ {
+ s->Weird("fragment_protocol_inconsistency", ip);
+ return;
+ }
+
 int upper_seq = offset + len - hdr_len;
 
 if ( ! offset )
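Review bot: The new guard `if ( len < hdr_len )` reports the packet as `fragment_protocol_inconsistency`, a name that describes a protocol mismatch rather than a total length shorter than the header length, so anyone triaging weirds cannot separate this malformed-length input from other fragment anomalies. A dedicated weird name (for example `fragment_bad_length`, a name constructed for this note) would let the condition be alerted on by itself. The check also has no comment; something like `// len < hdr_len would make upper_seq smaller than offset, which the reassembler must never see.` above the `if` would record why the early return exists. A fragment with `len == hdr_len` still passes and yields `upper_seq == offset`; whether an empty fragment is acceptable cannot be judged from these lines. AddFragment starts and ends outside the hunk, so the claim that nothing changes state before this return cannot be confirmed from what is visible.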