diff -up openssh-5.2p1/canohost.c.ip-opts openssh-5.2p1/canohost.c
--- openssh-5.2p1/canohost.c.ip-opts	2009-02-14 06:28:21.000000000 +0100
+++ openssh-5.2p1/canohost.c	2009-09-01 15:31:29.000000000 +0200
@@ -169,12 +169,27 @@ check_ip_options(int sock, char *ipaddr)
 	option_size = sizeof(options);
 	if (getsockopt(sock, ipproto, IP_OPTIONS, options,
 	    &option_size) >= 0 && option_size != 0) {
-		text[0] = '\0';
-		for (i = 0; i < option_size; i++)
-			snprintf(text + i*3, sizeof(text) - i*3,
-			    " %2.2x", options[i]);
-		fatal("Connection from %.100s with IP options:%.800s",
-		    ipaddr, text);
+		i = 0;
+		do {
+			switch (options[i]) {
+				case 0:
+				case 1:
+					++i;
+					break;
+				case 131:
+				case 137:
+				/* Fail, fatally, if we detect either loose or strict
+			 	 * source routing options. */
+					text[0] = '\0';
+					for (i = 0; i < option_size; i++)
+						snprintf(text + i*3, sizeof(text) - i*3,
+							" %2.2x", options[i]);
+					fatal("Connection from %.100s with IP options:%.800s",
+						ipaddr, text);
+				default:
+					i += options[i + 1];
+			}
+		} while (i < option_size);
 	}
 #endif /* IP_OPTIONS */
 }