From e9c2a6fc1f44b070dd2ca277b2c6cabfc0082fdf Mon Sep 17 00:00:00 2001
From: gordon <gordon@FreeBSD.org>
Date: Tue, 20 Aug 2019 17:49:33 +0000
Subject: [PATCH] Fix IPv6 remote denial of service.

Approved by:	so
Security:	FreeBSD-SA-19:22.mbuf
Security:	CVE-2019-5611
---
 sys/kern/uipc_mbuf2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/kern/uipc_mbuf2.c b/sys/kern/uipc_mbuf2.c
index 8b7f4fdd516..c9948c76944 100644
--- a/sys/kern/uipc_mbuf2.c
+++ b/sys/kern/uipc_mbuf2.c
@@ -214,7 +214,7 @@ m_pulldown(struct mbuf *m, int off, int len, int *offp)
 		goto ok;
 	}
 	if ((off == 0 || offp) && M_LEADINGSPACE(n->m_next) >= hlen
-	 && writable) {
+	 && writable && n->m_next->m_len >= tlen) {
 		n->m_next->m_data -= hlen;
 		n->m_next->m_len += hlen;
 		bcopy(mtod(n, caddr_t) + off, mtod(n->m_next, caddr_t), hlen);
-- 
2.45.0