From 13a139eef7735d6bdf2c8f449705ad76a1f02efa Mon Sep 17 00:00:00 2001
From: goldsimon
Date: Wed, 15 Oct 2008 18:20:23 +0000
Subject: [PATCH] fixed bug #24517: IP reassembly crashes on unaligned IP headers by packing the struct ip_reass_helper.
---
CHANGELOG | 4 ++++
src/core/ipv4/ip_frag.c | 17 +++++++++++++----
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index e177599b..ca81a624 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -51,6 +51,10 @@ HISTORY ++ Bugfixes: + 2008-10-15 Simon Goldschmidt + * ip_frag.c: fixed bug #24517: IP reassembly crashes on unaligned IP headers + by packing the struct ip_reass_helper. + 2008-10-03 David Woodhouse, Jonathan Larmour * etharp.c (etharp_arp_input): Fix type aliasing problem copying ip address.
diff --git a/src/core/ipv4/ip_frag.c b/src/core/ipv4/ip_frag.c
index e06ba009..b3f8ebd4 100644
--- a/src/core/ipv4/ip_frag.c
+++ b/src/core/ipv4/ip_frag.c
@@ -81,12 +81,21 @@
 /** This is a helper struct which holds the starting
 * offset and the ending offset of this fragment to
 * easily chain the fragments.
+ * It has to be packed since it has to fit inside the IP header.
 */
+#ifdef PACK_STRUCT_USE_INCLUDES
+# include "arch/bpstruct.h"
+#endif
+PACK_STRUCT_BEGIN
 struct ip_reass_helper {
- struct pbuf *next_pbuf;
- u16_t start;
- u16_t end;
-};
+ PACK_STRUCT_FIELD(struct pbuf *next_pbuf);
+ PACK_STRUCT_FIELD(u16_t start);
+ PACK_STRUCT_FIELD(u16_t end);
+} PACK_STRUCT_STRUCT;
+PACK_STRUCT_END
+#ifdef PACK_STRUCT_USE_INCLUDES
+# include "arch/epstruct.h"
+#endif
 #define IP_ADDRESSES_AND_ID_MATCH(iphdrA, iphdrB) \
 (ip_addr_cmp(&(iphdrA)->src, &(iphdrB)->src) && \
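Review bot: Nothing in this declaration enforces what the new comment line relies on, that `struct ip_reass_helper` fits inside the IP header it is overlaid on. The packing macros are port-defined, so on a port where they expand to nothing the layout and alignment are presumably the same as before this change. Since the struct is written over headers of fragments received from the network, a size check would make the assumption explicit, e.g. `LWIP_ASSERT("ip_reass_helper fits in IP header", sizeof(struct ip_reass_helper) <= IP_HLEN);` in the reassembly code, which lies outside this hunk. The comment would also be more accurate if it gave the reason from the commit subject: `* It has to be packed because it overlays the IP header in the pbuf payload, which may be unaligned.`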