From 7f40e95862655066d5b56130d169d510517f14b8 Mon Sep 17 00:00:00 2001
From: Matias Fontanini <matias.fontanini@gmail.com>
Date: Wed, 7 Sep 2011 08:31:00 -0300
Subject: [PATCH] Fixed option parsing bug in TCP.

---
 src/tcp.cpp | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/tcp.cpp b/src/tcp.cpp
index c7fdbd0..355812b 100644
--- a/src/tcp.cpp
+++ b/src/tcp.cpp
@@ -60,6 +60,9 @@ Tins::TCP::TCP(const uint8_t *buffer, uint32_t total_sz) : PDU(IPPROTO_TCP) {
     buffer += sizeof(tcphdr);
     total_sz -= sizeof(tcphdr);
     
+    _total_options_size = 0;
+    _options_size = 0;
+    
     uint32_t index = 0, header_end = (data_offset() * sizeof(uint32_t)) - sizeof(tcphdr);
     if(total_sz >= header_end) {
         uint8_t args[2] = {0};
@@ -71,12 +74,11 @@ Tins::TCP::TCP(const uint8_t *buffer, uint32_t total_sz) : PDU(IPPROTO_TCP) {
             }
             // We don't want to store NOPs and EOLs
             if(args[0] != NOP && args[0] != EOL)  {
+                args[1] -= (sizeof(uint8_t) << 1);
                 if(args[1]) {
                     // Not enough size for this option
-                    if(header_end - index < args[1] - (sizeof(uint8_t) << 1)) {
+                    if(header_end - index < args[1])
                         throw std::runtime_error("Not enought size for a TCP header in the buffer.");
-                    }
-                    args[1] -= (sizeof(uint8_t) << 1);
                     add_option((Options)args[0], args[1], buffer + index);
                 }
                 index += args[1];
@@ -88,8 +90,6 @@ Tins::TCP::TCP(const uint8_t *buffer, uint32_t total_sz) : PDU(IPPROTO_TCP) {
         }
         buffer += index;
         total_sz -= index;
-        _total_options_size = header_end;
-        _options_size = (_total_options_size / 4) * 4;
     }
     if(total_sz)
         inner_pdu(new RawPDU(buffer, total_sz));
@@ -208,8 +208,11 @@ void Tins::TCP::set_flag(Flags tcp_flag, uint8_t value) {
 }
 
 void Tins::TCP::add_option(Options tcp_option, uint8_t length, const uint8_t *data) {
-    uint8_t *new_data = new uint8_t[length], padding;
-    memcpy(new_data, data, length);
+    uint8_t *new_data = 0, padding;
+    if(length) {
+        new_data = new uint8_t[length];
+        memcpy(new_data, data, length);
+    }
     _options.push_back(TCPOption(tcp_option, length, new_data));
     _options_size += length + (sizeof(uint8_t) << 1);
     padding = _options_size & 3;
@@ -259,8 +262,9 @@ uint8_t *Tins::TCP::TCPOption::write(uint8_t *buffer) {
     else {
         buffer[0] = kind;
         buffer[1] = length + (sizeof(uint8_t) << 1);
-        memcpy(buffer + 2, data, length);
-        return buffer + length + (sizeof(uint8_t) << 1);
+        if(data)
+            memcpy(buffer + 2, data, length);
+        return buffer + buffer[1];
     }
 }