slirp: Prevent sending ICMP error replies to source-only addresses

This triggered the related assert in arp_table_search.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

diff --git a/slirp/ip_icmp.c b/slirp/ip_icmp.c
index 4b43994dbcb2e8884e119de0254b5d9e848a36e8..5dbf21da9d7dc82e3d2325a731ad4d603cce0a08 100644 (file)
--- a/slirp/ip_icmp.c
+++ b/slirp/ip_icmp.c
@@ -262,6 +262,11 @@ icmp_error(struct mbuf *msrc, u_char type, u_char code, int minsize,
 #endif
   if(ip->ip_off & IP_OFFMASK) goto end_error;    /* Only reply to fragment 0 */
 
+  /* Do not reply to source-only IPs */
+  if ((ip->ip_src.s_addr & htonl(~(0xf << 28))) == 0) {
+      goto end_error;
+  }
+
   shlen=ip->ip_hl << 2;
   s_ip_len=ip->ip_len;
   if(ip->ip_p == IPPROTO_ICMP) {