X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/079ae2ec840c74790bfe3826cbc979eb6075b09b..af5792cb6a1ee10e11eb7439242834b967e98db8:/ppp.c diff --git a/ppp.c b/ppp.c index 95c5f2c..578273a 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.93 2006/01/19 21:06:39 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.97 2006/03/27 03:01:08 bodea Exp $"; #include #include @@ -582,6 +582,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (mru >= MINMTU) { session[s].mru = mru; + cluster_send_session(s); break; } @@ -746,6 +747,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) case 1: // Maximum-Receive-Unit if (*p == ConfigNak) { + if (length < 4) break; sess_local[s].ppp_mru = ntohs(*(uint16_t *)(o + 2)); LOG(3, s, t, " Remote requested MRU of %u\n", sess_local[s].ppp_mru); } @@ -763,14 +765,18 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (*p == ConfigNak) { - int proto = ntohs(*(uint16_t *)(o + 2)); + int proto; + + if (length < 4) break; + proto = ntohs(*(uint16_t *)(o + 2)); + if (proto == PPPPAP) { authtype = config->radius_authtypes & AUTHPAP; LOG(3, s, t, " Remote requested PAP authentication...%sing\n", authtype ? "accept" : "reject"); } - else if (proto == PPPCHAP && *(o + 4) == 5) + else if (proto == PPPCHAP && length > 4 && *(o + 4) == 5) { authtype = config->radius_authtypes & AUTHCHAP; LOG(3, s, t, " Remote requested CHAP authentication...%sing\n", @@ -791,14 +797,20 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) break; case 5: // Magic-Number + session[s].magic = 0; if (*p == ConfigNak) { + if (length < 6) break; session[s].magic = ntohl(*(uint32_t *)(o + 2)); - LOG(3, s, t, " Remote requested magic-no %x\n", session[s].magic); - if (!session[s].magic) session[s].magic = time_now; // Netgear DG814 sends zero?? - break; } - // ConfigRej: fallthrough + + if (session[s].magic) + LOG(3, s, t, " Remote requested magic-no %x\n", session[s].magic); + else + LOG(3, s, t, " Remote rejected magic-no\n"); + + cluster_send_session(s); + break; default: LOG(2, s, t, "LCP: remote sent %s for type %u?\n", ppp_code(*p), type); @@ -955,7 +967,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) CSTAT(processipcp); LOG_HEX(5, "IPCP", p, l); - if (l < 5) + if (l < 4) { LOG(1, s, t, "Short IPCP %d bytes\n", l); STAT(tunnel_rx_errors); @@ -1012,11 +1024,13 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) while (length > 2) { + if (!o[1] || o[1] > length) return; + switch (*o) { case 3: // ip address gotip++; // seen address - if (o[1] != 6 || o[1] > length) return; + if (o[1] != 6) return; addr = htonl(session[s].ip); if (memcmp(o + 2, &addr, (sizeof addr))) @@ -1033,7 +1047,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) break; case 129: // primary DNS - if (o[1] != 6 || o[1] > length) return; + if (o[1] != 6) return; addr = htonl(session[s].dns1); if (memcmp(o + 2, &addr, (sizeof addr))) @@ -1045,7 +1059,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) break; case 131: // secondary DNS - if (o[1] != 6 || o[1] > length) return; + if (o[1] != 6) return; addr = htonl(session[s].dns2); if (memcmp(o + 2, &addr, sizeof(addr))) @@ -1237,11 +1251,13 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) while (length > 2) { + if (!o[1] || o[1] > length) return; + switch (*o) { case 1: // interface identifier gotip++; // seen address - if (o[1] != 10 || o[1] > length) return; + if (o[1] != 10) return; *(uint32_t *) ident = htonl(session[s].ip); *(uint32_t *) (ident + 4) = 0; @@ -1758,7 +1774,6 @@ void sendchap(sessionidt s, tunnelidt t) } // fill in a L2TP message with a PPP frame, -// copies existing PPP message and changes magic number if seen // returns start of PPP frame uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelidt t, uint16_t mtype) { @@ -1823,7 +1838,7 @@ static int add_lcp_auth(uint8_t *b, int size, int authtype) return len; } -// Send initial LCP ConfigReq for MRU, authentication type and magic no +// Send LCP ConfigReq for MRU, authentication type and magic no void sendlcp(sessionidt s, tunnelidt t) { uint8_t b[500], *q, *l; @@ -1852,9 +1867,12 @@ void sendlcp(sessionidt s, tunnelidt t) if (authtype) l += add_lcp_auth(l, sizeof(b) - (l - b), authtype); - *l++ = 5; *l++ = 6; // Magic-Number (length 6) - *(uint32_t *) l = htonl(session[s].magic); - l += 4; + if (session[s].magic) + { + *l++ = 5; *l++ = 6; // Magic-Number (length 6) + *(uint32_t *) l = htonl(session[s].magic); + l += 4; + } *(uint16_t *)(q + 2) = htons(l - q); // Length