From d758a2e20d3969cf1e60133d203b44494db77cc6 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Fri, 28 Feb 2025 17:19:43 +0100
Subject: [PATCH] ARP boundary check

---
 src/NetworkInterface.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/NetworkInterface.cpp b/src/NetworkInterface.cpp
index 46d59427bbc8..f68dfc5eed80 100644
--- a/src/NetworkInterface.cpp
+++ b/src/NetworkInterface.cpp
@@ -3275,8 +3275,8 @@ bool NetworkInterface::dissectPacket(int32_t if_index,
     if (dstMac) dstMac->incRcvdStats(h->ts.tv_sec, 1, len_on_wire);
 #endif
 
-    if ((eth_type == ETHERTYPE_ARP) &&
-	(h->caplen >= (sizeof(arp_header) + sizeof(struct ndpi_ethhdr)))) {
+    if ((eth_type == ETHERTYPE_ARP)
+	&& (h->caplen >= (ip_offset + sizeof(arp_header)))) {
       struct arp_header *arpp = (struct arp_header *)&packet[ip_offset];
       u_int16_t arp_opcode = ntohs(arpp->ar_op);