Index: decode.c
===================================================================
RCS file: /cvsroot/snort/src/decode.c,v
retrieving revision 1.130
retrieving revision 1.131
diff -u -3 -p -r1.130 -r1.131
--- decode.c 13 Oct 2006 17:40:42 -0000 1.130
+++ decode.c 10 Jan 2007 22:41:54 -0000 1.131
@@ -1,4 +1,4 @@
-/* $Id: decode.c,v 1.130 2006/10/13 17:40:42 ssturges Exp $ */
+/* $Id: decode.c,v 1.131 2007/01/10 22:41:54 ssturges Exp $ */
 /*
 ** Copyright (C) 1998-2002 Martin Roesch
@@ -2339,14 +2339,19 @@ void DecodeIP(u_int8_t * pkt, const u_in
 else
 {
 #ifdef GRE
- /* if delivery header for GRE encapsulated packet is IP and it
- * had options, p->ip_options_data will be pointing to this outer
- * IP's options
- * set to NULL so these options aren't associated with this inner IP
- * since p->iph will be pointing to this inner IP
- */
- if (p->greh != NULL)
- p->ip_options_data = NULL;
+ /* If delivery header for GRE encapsulated packet is IP and it
+ * had options, the packet's ip options will be refering to this
+ * outer IP's options
+ * Zero these options so they aren't associated with this inner IP
+ * since p->iph will be pointing to this inner IP
+ */
+ if (p->greh != NULL)
+ {
+ p->ip_options_data = NULL;
+ p->ip_options_len = 0;
+ memset(&(p->ip_options[0]), 0, sizeof(p->ip_options));
+ p->ip_lastopt_bad = 0;
+ }
 #endif
 p->ip_option_count = 0;
@@ -3462,7 +3467,7 @@ void DecodeGRE(u_int8_t *pkt, const u_in
 u_int32_t hlen; /* GRE header length */
 u_int32_t payload_len;
- if (len < sizeof(GREHdr))
+ if (len < GRE_HEADER_LEN)
 {
 if(pv.verbose_flag)
 ErrorMessage("GRE header length > rest of packet length");
@@ -3553,8 +3558,10 @@ void DecodeGRE(u_int8_t *pkt, const u_in
 sre_addrfamily = ntohs(*((u_int16_t *)sre_ptr));
 sre_ptr += sizeof(sre_addrfamily);
+
 sre_offset = *((u_int8_t *)sre_ptr);
 sre_ptr += sizeof(sre_offset);
+
 sre_length = *((u_int8_t *)sre_ptr);
 sre_ptr += sizeof(sre_length);
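Review bot: The added `memset(&(p->ip_options[0]), 0, sizeof(p->ip_options));` in the DecodeIP hunk clears the whole option table only if `ip_options` is an array member of the packet structure; its declaration is not part of this diff. If it were a pointer, `sizeof` would cover just the pointer and stale outer-header options would stay attached to the inner IP, which is the state this change is meant to remove. Confirming the declaration and writing the call as `memset(p->ip_options, 0, sizeof(p->ip_options));` would make the intent easier to read. The new comment also misspells "referring" as "refering". DecodeIP starts and ends outside the hunk, so the branch that handles a header with options is not visible here.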
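Review bot: The new bound `if (len < GRE_HEADER_LEN)` in DecodeGRE is safe only if no member later read through the `GREHdr` pointer lies beyond the first `GRE_HEADER_LEN` bytes, and neither the constant nor the struct layout is shown in this diff. If the struct is larger than the constant, a field access on a minimum-length packet would read past the captured data. A comment on the check would record the reasoning, for example `/* minimum fixed header only; optional fields are length-checked via hlen below */`. It is also worth confirming that every optional field is reached only after `hlen` has been compared with `len`. The function body continues outside the hunk.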
@@ -3566,9 +3573,7 @@ void DecodeGRE(u_int8_t *pkt, const u_in
 }
 }
- payload_len = len - hlen;
-
- if (payload_len < 0)
+ if (hlen > len)
 {
 if(pv.verbose_flag)
 ErrorMessage("GRE header length > rest of packet length");
@@ -3589,7 +3594,9 @@ void DecodeGRE(u_int8_t *pkt, const u_in
 return;
 }
- /* send to next protocol decoder */
+ payload_len = len - hlen;
+
+ /* Send to next protocol decoder */
 /* As described in RFC 2784 the possible protocols are listed in
 * RFC 1700 under "ETHER TYPES"
 * See also "Current List of Protocol Types" in RFC 1701
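Review bot: The `if (hlen > len)` guard runs only after the block closed by the two `}` context lines, while the source-route entry reads in the 3553 hunk dereference `sre_ptr` before control reaches it. Whether that walk compares `hlen` with `len` before each entry is read is not visible in these hunks and should be confirmed, since a packet-supplied entry length drives the walk. A comment at this check would help, for example `/* final bound; each SRE entry must already have been checked against len before it was read */`. Separately, this branch logs the same text as the `len < GRE_HEADER_LEN` branch, "GRE header length > rest of packet length", so the two rejections cannot be told apart in verbose output.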
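Review bot: Nothing at the relocated `payload_len = len - hlen;` records that it depends on the earlier `hlen > len` rejection. `payload_len` and `hlen` are both declared `u_int32_t` in the 3462 hunk, so if the subtraction were ever moved back above that guard it would wrap to a very large length and be handed to the next decoder. I would add `/* hlen <= len is guaranteed by the check above, so this cannot wrap */` on the line before it. The intervening check that ends in `return; }` has its condition outside the hunk, so whether it also constrains `hlen` cannot be told from here.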