From 6a840817e3a5a5674fdc1122954c445bec78fd51 Mon Sep 17 00:00:00 2001
From: Fred Klassen <fred.klassen@broadcom.com>
Date: Sat, 6 Aug 2022 19:33:26 -0700
Subject: [PATCH] Bug #735 heap-overflow in get_l2len_protocol

---
 docs/CHANGELOG   | 1 +
 src/common/get.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 901b5959..2f24f7c5 100644
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -1,4 +1,5 @@
 08/02/2022 Version 4.4.2 Beta 1
+    - heap-overflow in get_l2len_protocol (#735)
     - replaying on a loopback interface is broken (#732)
     - replay edit with both --loop and --preload_pcap options (#729)
     - test suite bus error on armhf (#725)
diff --git a/src/common/get.c b/src/common/get.c
index 923c5fb1..836e3c94 100644
--- a/src/common/get.c
+++ b/src/common/get.c
@@ -337,7 +337,7 @@ int get_l2len_protocol(const u_char *pktdata,
                            vlan_offset))
             return -1;
 
-        if (datalen < l2_net_off)
+        if (datalen <= l2_net_off)
             return -1;
 
         *l2len = l2_net_off;