Description: fix denial of service via pinger and ICMPv6 packet
Origin: upstream, http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
BUg-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819783

Index: squid3-3.5.12/src/icmp/Icmp6.cc
===================================================================
--- squid3-3.5.12.orig/src/icmp/Icmp6.cc	2015-12-02 13:10:29.000000000 -0500
+++ squid3-3.5.12/src/icmp/Icmp6.cc	2016-06-07 08:06:57.050667008 -0400
@@ -256,7 +256,7 @@
     #define ip6_hops    // HOPS!!!  (can it be true??)
 
         ip = (struct ip6_hdr *) pkt;
-        pkt += sizeof(ip6_hdr);
+        NP: echo size needs to +sizeof(ip6_hdr);
 
     debugs(42, DBG_CRITICAL, HERE << "ip6_nxt=" << ip->ip6_nxt <<
             ", ip6_plen=" << ip->ip6_plen <<
@@ -267,7 +267,6 @@
     */
 
     icmp6header = (struct icmp6_hdr *) pkt;
-    pkt += sizeof(icmp6_hdr);
 
     if (icmp6header->icmp6_type != ICMP6_ECHO_REPLY) {
 
@@ -292,7 +291,7 @@
         return;
     }
 
-    echo = (icmpEchoData *) pkt;
+    echo = (icmpEchoData *) (pkt + sizeof(icmp6_hdr));
 
     preply.opcode = echo->opcode;