diff -up openssh/sshd.c.ip-opts openssh/sshd.c --- openssh/sshd-session.c.ip-opts 2016-07-25 13:58:48.998507834 +0200 +++ openssh/sshd-session.c 2016-07-25 14:01:28.346469878 +0200 @@ -1507,12 +1507,32 @@ check_ip_options(struct ssh *ssh) if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts, &option_size) >= 0 && option_size != 0) { - text[0] = '\0'; - for (i = 0; i < option_size; i++) - snprintf(text + i*3, sizeof(text) - i*3, - " %2.2x", opts[i]); - fatal("Connection from %.100s port %d with IP opts: %.800s", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text); + i = 0; + do { + switch (opts[i]) { + case 0: + case 1: + ++i; + break; + case 130: + case 133: + case 134: + if (i + 1 < option_size && opts[i + 1] >= 2) { + i += opts[i + 1]; + break; + } + /* FALLTHROUGH */ + default: + /* Fail, fatally, if we detect either loose or strict + * or incorrect source routing options. */ + text[0] = '\0'; + for (i = 0; i < option_size; i++) + snprintf(text + i*3, sizeof(text) - i*3, + " %2.2x", opts[i]); + fatal("Connection from %.100s port %d with IP options:%.800s", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text); + } + } while (i < option_size); } #endif /* IP_OPTIONS */ }