ip: fix overflow in ip6_ext_header_walk

ip6_ext_hdr_chain_t->eh is IP6_EXT_HDR_MAX elements.

Type: fix

Change-Id: I28b8d610d8f5c0c520c8391c37b86e837655ab12
Signed-off-by: Benoît Ganne <bganne@cisco.com>

diff --git a/src/vnet/ip/ip6_packet.h b/src/vnet/ip/ip6_packet.h
index b00eac7..e71604c 100644 (file)
--- a/src/vnet/ip/ip6_packet.h
+++ b/src/vnet/ip/ip6_packet.h
@@ -652,7 +652,7 @@ ip6_ext_header_walk (vlib_buffer_t *b, ip6_header_t *ip, int find_hdr_type,
       i++;
       if (last)
        break;
-      if (i > IP6_EXT_HDR_MAX)
+      if (i >= IP6_EXT_HDR_MAX)
        break;
       next_header = ip6_ext_next_header_s (next_proto, next_header, max_offset,
                                           &offset, &next_proto, &last);