d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correct L2TP header offset handling:

Browse Source 
- according to RFC2661 an offset size of 0 is allowed.
- when skipping offset padding do not forget to also skip
  the 2 octets of the offset size field.

Reviewed by:	archie
Approved by:	pjd (mentor)
This commit is contained in:
Bjoern A. Zeeb 2004-08-03 06:37:46 +00:00
parent 49728ffc2f
commit ddb7229415
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/netgraph/ng_l2tp.c
View File

@ -819,13 +819,13 @@ ng_l2tp_recv_lower(node_p node, item_p item)
offset = ntohs(offset);
/* Trim offset padding */
if (offset <= 2 || offset > m->m_pkthdr.len) {
if ((2+offset) > m->m_pkthdr.len) {
priv->stats.recvInvalid++;
NG_FREE_ITEM(item);
NG_FREE_M(m);
return (EINVAL);
}
m_adj(m, offset);
m_adj(m, 2+offset);
}
/* Handle control packets */