(parent:
af4e0b7
)
add length checks and comments to proxy LCP parsing
author
bodea
<bodea>
Fri, 5 Nov 2004 02:25:25 +0000
(
02:25
+0000)
committer
bodea
<bodea>
Fri, 5 Nov 2004 02:25:25 +0000
(
02:25
+0000)
l2tpns.c
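--- a/l2tpns.c
+++ b/l2tpns.c
@@ -4,7 +4,7 @@
 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
 // vim: sw=8 ts=8
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.41 2004/11/04 06:05:55 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.42 2004/11/05 02:25:25 bodea Exp $";
 #include <arpa/inet.h>
 #include <assert.h>
@@ -1668,39 +1668,23 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr)
 case 27: // last send lcp
 { // find magic number
 u8 *p = b, *e = p + n;
-while (p < e && p[1])
+while (p + 1 < e && p[1] && p + p[1] <= e)
 {
-if (*p == 5 && p[1] == 6)
+if (*p == 5 && p[1] == 6) // Magic-Number
 amagic = ntohl(*(u32 *) (p + 2));
-else if (*p == 3 && p[1] == 5 && *(u16 *) (p + 2) == htons(PPPCHAP) && p[4] == 5)
+else if (*p == 3 && p[1] == 5 && *(u16 *) (p + 2) == htons(PPPCHAP) && p[4] == 5) // Authentication-Protocol
 chap = 1;
-else if (*p == 7)
+else if (*p == 7) // Protocol-Field-Compression
 aflags |= SESSIONPFC;
-else if (*p == 8)
+else if (*p == 8) // Address-and-Control-Field-Compression
 aflags |= SESSIONACFC;
 p += p[1];
 }
-
-{
-char tmp[500] = {0};
-tmp[0] = ConfigReq;
-memcpy((tmp + 1), b, n);
-}
 }
 break;
 case 28: // last recv lcp confreq
-{
-char tmp[500] = {0};
-tmp[0] = ConfigReq;
-memcpy((tmp + 1), b, n);
-break;
-}
+break;
 case 26: // Initial Received LCP CONFREQ
-{
-char tmp[500] = {0};
-tmp[0] = ConfigReq;
-memcpy((tmp + 1), b, n);
-}
 break;
 case 39: // seq required - we control it as an LNS anyway...
 break;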
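Review bot: In the case 27 loop, the new condition `p + 1 < e && p[1] && p + p[1] <= e` still accepts an option length of 1, which is shorter than the two-byte type/length header, so `p += p[1]` then treats the length byte as the next option's type and the walk desynchronises on a malformed proxy LCP AVP. Requiring a minimum length and comparing against the remaining bytes, rather than forming `p + p[1]` beyond `e`, would close that: `while (e - p >= 2 && p[1] >= 2 && p[1] <= e - p)`. The `*(u32 *) (p + 2)` and `*(u16 *) (p + 2)` reads happen at arbitrary offsets into the packet, so copying with `memcpy` into a local before `ntohl`/the compare would avoid unaligned access. `b` and `n` are set outside this hunk, so whether `n` is already bounded by the AVP length cannot be confirmed from here.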