From 500598658df1d8674b7d25141983cf5452585d9d Mon Sep 17 00:00:00 2001
From: goldsimon
Date: Fri, 28 Jul 2017 10:11:45 +0200
Subject: [PATCH] ip4_reass: fixed bug #51596 (Insufficient overlap check)
---
 src/core/ipv4/ip4_frag.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/core/ipv4/ip4_frag.c b/src/core/ipv4/ip4_frag.c
index 8ae67b04..7f0c1829 100644
--- a/src/core/ipv4/ip4_frag.c
+++ b/src/core/ipv4/ip4_frag.c
@@ -392,6 +392,12 @@ ip_reass_chain_frag_into_datagram_and_validate(struct ip_reassdata *ipr, struct
 #endif /* IP_REASS_CHECK_OVERLAP */
 iprh_prev->next_pbuf = new_p;
 } else {
+#if IP_REASS_CHECK_OVERLAP
+ if (iprh->end > iprh_tmp->start) {
+ /* fragment overlaps with following, throw away */
+ goto freepbuf;
+ }
+#endif /* IP_REASS_CHECK_OVERLAP */
 /* fragment with the lowest offset */
 ipr->p = new_p;
 }
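Review bot: The overlap rejection added to the `else` branch (new fragment becomes the list head) exists only when `IP_REASS_CHECK_OVERLAP` is non-zero, so a build that disables the option still installs a head fragment whose end runs past the start of the next queued one. The comment should say this, e.g. `/* new head fragment ends after the next queued fragment starts: overlapping data, drop it (only checked when IP_REASS_CHECK_OVERLAP is enabled) */`. The option's documentation should also say that turning it off leaves reassembly accepting overlapping fragments. The diffstat shows only `ip4_frag.c` changed, so no regression test covers the lowest-offset overlap case; one that feeds a later fragment first and then an overlapping first fragment would pin the fix. The function body and the `freepbuf` label lie outside this hunk, so the cleanup done on that path cannot be confirmed from here.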