author | Can Erkin Acar <canacar@cvs.openbsd.org> | 2007-08-14 18:11:47 +0000 |
---|---|---|
committer | Can Erkin Acar <canacar@cvs.openbsd.org> | 2007-08-14 18:11:47 +0000 |
commit | 50483f350b481f10e9cac20b3f7afdd0a4bfd711 (patch) | |
tree | 2c52995e4a32d4f5f4a48881986b18880060fb14 /sys | |
parent | deeec3d2f7ad429540fd66a31f0d15b8dd4337b6 (diff) |
Make sure all the packet is in one continuous mbuf.
This is a bandaid solution, a better solution will go
in post 4.2. Reported and tested by Joerg Zinke.
ok claudio@, deraadt@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/if_spppsubr.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c
index b5d7c1f5a5b..79568cf9311 100644
--- a/sys/net/if_spppsubr.c
+++ b/sys/net/if_spppsubr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_spppsubr.c,v 1.53 2007/08/07 17:15:13 canacar Exp $ */
+/* $OpenBSD: if_spppsubr.c,v 1.54 2007/08/14 18:11:46 canacar Exp $ */
 /*
 * Synchronous PPP/Cisco link level subroutines.
 * Keepalive protocol implemented in both Cisco and PPP modes.
@@ -469,6 +469,25 @@ sppp_input(struct ifnet *ifp, struct mbuf *m)
 return;
 }

+ if (m->m_pkthdr.len > MCLBYTES) {
+ /* Too large packet, drop it. */
+ if (debug)
+ log(LOG_DEBUG,
+ SPP_FMT "input packet is too large, %d bytes\n",
+ SPP_ARGS(ifp), m->m_pkthdr.len);
+ goto drop;
+ }
+
+ m = m_pullup2(m, m->m_pkthdr.len);
+ if (m == NULL) {
+ if (debug)
+ log(LOG_DEBUG,
+ SPP_FMT "m_pullup2() failed!\n", SPP_ARGS(ifp));
+ ++ifp->if_ierrors;
+ ++ifp->if_iqdrops;
+ return;
+ }
+
 if (sp->pp_flags & PP_NOFRAMING) {
 prej = mtod(m, void *);
 memcpy(&ht.protocol, prej, sizeof(ht.protocol)); |
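Review bot: The two new failure paths in sppp_input() leave the function differently and nothing in the hunk says why: the oversize case uses `goto drop`, while the `m == NULL` case bumps `if_ierrors`/`if_iqdrops` by hand and returns. Presumably m_pullup2() has already released the chain when it returns NULL, so the `drop` label (outside this hunk) has nothing left to free. A comment such as `/* m_pullup2() freed the chain on failure; do not goto drop */` would stop a later cleanup from merging the two exits. One line above the call should also state what the code below relies on, e.g. `/* from here on the whole packet sits in the first mbuf */`, since the `memcpy()` from `mtod(m, void *)` that follows reads straight out of it. The function starts and ends outside the hunk, so the lower bound on the packet length and the body of `drop` could not be checked here.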