The following patch seems to fix it.
-- Frank - my stupid blog: http://00f.net L'annuaire des professionnels de la manucure et de la pedicure : http://www.manucure-pro.com
$OpenBSD$
--- src/tcp.c.orig Sun Jan 29 20:26:17 2006
+++ src/tcp.c Sun Jan 29 20:27:54 2006
@@ -125,7 +125,9 @@ static int get_ts(struct tcphdr * this_t
 unsigned int tmp_ts;
 unsigned char * options = (char*)(this_tcphdr + 1);
 int ind = 0, ret = 0;
- while (ind <= len - sizeof (struct tcphdr) - 10 )
+ if (len <= sizeof(struct tcphdr) + 10)
+ return 0;
+ while (ind < len - sizeof (struct tcphdr) - 10 )
 switch (options[ind]) {
 case 0: /* TCPOPT_EOL */
 return ret;
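Review bot: Changing the loop condition from `<=` to `<`, together with the `len <= sizeof(struct tcphdr) + 10` guard, stops the scan one position early, so an option that starts exactly 10 bytes before the end of the header is no longer examined. The guard alone prevents the unsigned wrap of `len - sizeof (struct tcphdr) - 10` (and the resulting out-of-bounds read of `options[ind]`) when `len` is small, so it could be `if (len < sizeof(struct tcphdr) + 10) return 0;` with the original `while (ind <= len - sizeof (struct tcphdr) - 10 )` kept. If the `- 10` reserves room for a 10-byte timestamp option, as the function name suggests, the patched bound would skip a timestamp placed last in the options. The declaration of `len` and the rest of the switch body lie outside the hunk, so the signed/unsigned comparison against `int ind` and the way `ind` advances cannot be checked from here.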