From 0aa06b84600a0b32b4e01dbc6900914a6dcedc0c Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Thu, 28 Feb 2019 15:53:43 +0100
Subject: fixed possible NULL ptr deref and division by zero

Signed-off-by: Toni Uhlig
---
 src/pkt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/pkt.c b/src/pkt.c
index beb6291..8dc8baf 100644
--- a/src/pkt.c
+++ b/src/pkt.c
@@ -369,7 +369,7 @@ void handle_data(icmp_echo_packet_t *pkt, int total_len, forward_desc_t *ring[],
 }
 return;
 }
- if (pt_pkt->seq_no == *next_expected_seq) {
+ if (next_expected_seq && pt_pkt->seq_no == *next_expected_seq) {
 /* hmm, what happens if this test is true? */
 if (!ring[*insert_idx]) { /* && pt_pkt->state == kProto_data */
 /* pt_log(kLog_debug, "Queing data packet: %d\n", pt_pkt->seq_no); */
@@ -403,12 +403,12 @@ void handle_data(icmp_echo_packet_t *pkt, int total_len, forward_desc_t *ring[],
 d = s - r;
 if (d < 0) { /* This packet _may_ be old, or seq_no may have wrapped around */
 d = (s+0xFFFF) - r;
- if (d < window_size) {
+ if (window_size && d < window_size) {
 /* Counter has wrapped, so we should add this packet to the recv ring */
 pos = ((*insert_idx)+d) % window_size;
 }
 }
- else if (d < window_size)
+ else if (window_size && d < window_size)
 pos = ((*insert_idx)+d) % window_size;

 if (pos != -1) {
--
cgit v1.2.3
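Review bot: The added `next_expected_seq &&` test keeps a NULL pointer out of this branch only; `insert_idx` is still dereferenced unchecked in `if (!ring[*insert_idx])`, and a NULL `next_expected_seq` now falls through to whatever follows this `if`, which lies outside the hunk and may read the pointer again. Because `seq_no` presumably comes from a received packet, it is safer to reject unusable arguments once, before this comparison: `if (!next_expected_seq || !insert_idx || !window_size) return;`. That single guard would also make the two `window_size &&` tests in the second hunk unnecessary. handle_data starts and ends outside both hunks, so the right place for the guard needs checking against the full function.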
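Review bot: The wrap-around distance `d = (s+0xFFFF) - r;` looks one short if `seq_no` is a 16-bit counter: with r = 0xFFFF and s = 0 it yields 0 rather than 1, so a wrapped packet would be placed one ring slot early. A 16-bit counter wraps modulo 0x10000, which suggests `d = (s + 0x10000) - r;`. The commit leaves this line unchanged, and the declarations of `s`, `r` and `d` are outside the hunk, so the types should be confirmed first. Separately, when `window_size` is zero the packet now appears to be skipped silently (`pos` is presumably still -1); a `pt_log` call on that path would make the misconfiguration visible.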