From b5e046b6937cff924f60a0ac1bac703f2d468c2b Mon Sep 17 00:00:00 2001
From: kris
Date: Wed, 11 Jun 2008 06:11:52 +0000
Subject: [PATCH] Fixing another bug found by Ilja, this time in Idle Scan: ipid_proxy_probe() was calling readtcppacket() with an unverified length argument.
---
 idle_scan.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/idle_scan.cc b/idle_scan.cc
index 8b10e9ad6..195048995 100644
--- a/idle_scan.cc
+++ b/idle_scan.cc
@@ -226,7 +226,7 @@ static int ipid_proxy_probe(struct idle_proxy_info *proxy, int *probes_sent,
 } else if (o.debugging > 1) {
 error("Received unexpected response packet from %s during IP ID zombie probing:", inet_ntoa(ip->ip_src));
- readtcppacket( (unsigned char *) ip,ntohs(ip->ip_len));
+ readtcppacket( (unsigned char *) ip,MIN(ntohs(ip->ip_len), bytes));
 }
 continue;
 }
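Review bot: The clamp on the `readtcppacket()` call in the `o.debugging > 1` branch bounds the length from above only, so a packet whose `ip_len` is smaller than its own IP and TCP headers is still handed to the printer with that short length; whether `readtcppacket()` rejects such a length is not visible in this hunk and should be confirmed. A comment on the call would keep the reason from being lost, for example `/* ip_len comes off the wire; never read past what pcap captured (bytes) */`. Since the commit message describes this as another instance of the same mistake, consider moving the bound into `readtcppacket()` or a small helper so that no caller can pass a raw wire length. `ipid_proxy_probe()` starts and ends outside the hunk, so the type of `bytes` and any earlier length checks before the TCP header is read could not be reviewed here.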