d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

If the fsm header reports a length greater than the packet size,

Browse Source 
drop the packet rather than just whinging about it in the log.
If the fsm header has a smaller length, continue to whinge.
This commit is contained in:
Brian Somers 2000-05-26 21:11:55 +00:00
parent 1bdd62fc06
commit 962a3cbc83
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
usr.sbin/ppp/fsm.c
View File

@ -976,9 +976,16 @@ fsm_Input(struct fsm *fp, struct mbuf *bp)
}
bp = mbuf_Read(bp, &lh, sizeof lh);
if (ntohs(lh.length) != len)
if (ntohs(lh.length) != len) {
if (ntohs(lh.length) > len) {
log_Printf(LogWARN, "%s: Oops: Got %d bytes but %d byte payload "
"- dropped\n", fp->link->name, len, (int)ntohs(lh.length));
m_freem(bp);
return;
}
log_Printf(LogWARN, "%s: Oops: Got %d bytes but %d byte payload\n",
fp->link->name, len, (int)ntohs(lh.length));
}
if (lh.code < fp->min_code || lh.code > fp->max_code ||
lh.code > sizeof FsmCodes / sizeof *FsmCodes) {