From 7012d02ab469e2ad57041cb13f7042ea2a06f88c Mon Sep 17 00:00:00 2001
From: Michal Zima <xhire@mujmalysvet.cz>
Date: Fri, 27 Apr 2012 14:43:09 +0200
Subject: [PATCH] Incorrect computing of packet size caused SIGSEGV

---
 src/tcp.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/tcp.c b/src/tcp.c
index d82e468..3232b34 100644
--- a/src/tcp.c
+++ b/src/tcp.c
@@ -219,7 +219,6 @@ int tcp_ipv6(struct s_ethernet *eth6, struct s_ipv6 *ip6, char *payload)
 	unsigned short orig_checksum;
 	struct s_ipv4 *ip4;
 	unsigned char *packet;
-	unsigned int   packet_size;
 
 	/* parse TCP header */
 	tcp = (struct s_tcp *) payload;
@@ -249,8 +248,8 @@ int tcp_ipv6(struct s_ethernet *eth6, struct s_ipv6 *ip6, char *payload)
 	}
 
 	/* allocate memory for translated packet */
-	packet_size = sizeof(struct s_ipv4) + ip6->len;
-	if ((packet = (unsigned char *) malloc(packet_size)) == NULL) {
+	if ((packet = (unsigned char *) malloc(sizeof(struct s_ipv4) +
+	    htons(ip6->len))) == NULL) {
 		fprintf(stderr, "[Error] Lack of free memory\n");
 		return 1;
 	}