From 9b19266e3d4747a6b170c247715b94eea5945cbc Mon Sep 17 00:00:00 2001
From: goldsimon
Date: Fri, 28 Jul 2017 10:11:45 +0200
Subject: [PATCH] ip4_reass: fixed bug #51596 (Insufficient overlap check)

(cherry picked from commit 500598658df1d8674b7d25141983cf5452585d9d)
---
 src/core/ipv4/ip4_frag.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/core/ipv4/ip4_frag.c b/src/core/ipv4/ip4_frag.c
index b7d103f7..785b00c9 100644
--- a/src/core/ipv4/ip4_frag.c
+++ b/src/core/ipv4/ip4_frag.c
@@ -381,6 +381,12 @@ ip_reass_chain_frag_into_datagram_and_validate(struct ip_reassdata *ipr, struct
 #endif /* IP_REASS_CHECK_OVERLAP */
 iprh_prev->next_pbuf = new_p;
 } else {
+#if IP_REASS_CHECK_OVERLAP
+ if (iprh->end > iprh_tmp->start) {
+ /* fragment overlaps with following, throw away */
+ goto freepbuf;
+ }
+#endif /* IP_REASS_CHECK_OVERLAP */
 /* fragment with the lowest offset */
 ipr->p = new_p;
 }
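Review bot: The overlap test added to the `else` branch exists only when `IP_REASS_CHECK_OVERLAP` is non-zero, so a build that disables the option still installs an overlapping lowest-offset fragment as `ipr->p`. That dependency deserves a comment at the check, for example `/* no predecessor here: only our end vs. the next fragment's start can overlap; compiled out when IP_REASS_CHECK_OVERLAP is 0 */`. The discard is also silent in the visible lines. The `freepbuf` label and the rest of `ip_reass_chain_frag_into_datagram_and_validate` lie outside the hunk, so I cannot tell whether a drop counter or debug message is emitted there; if not, adding one would make rejected overlapping fragments observable. Assuming `end` is an exclusive offset, `iprh->end > iprh_tmp->start` lets exactly adjacent fragments through, which looks intended.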