summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
authorbrian <brian@cvs.openbsd.org>1998-01-04 20:30:39 +0000
committerbrian <brian@cvs.openbsd.org>1998-01-04 20:30:39 +0000
commitd8038faaf2a21f6bae95c7bc7869b3eded020887 (patch)
treed13d09b134aadd03a81e7253ea9b405ef7fe2dbd /usr.sbin
parent24d863d7ad2ef250c049f7c4ca45e6efbcd264da (diff)
Don't scribble on the stack if our input packet is
bigger than our MRU. Moan and drop the packet instead.
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/ppp/ip.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/usr.sbin/ppp/ip.c b/usr.sbin/ppp/ip.c
index fc0dcfcc48c..2624b895e98 100644
--- a/usr.sbin/ppp/ip.c
+++ b/usr.sbin/ppp/ip.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: ip.c,v 1.4 1997/12/29 22:23:06 brian Exp $
+ * $Id: ip.c,v 1.5 1998/01/04 20:30:38 brian Exp $
*
* TODO:
* o Return ICMP message for filterd packet
@@ -396,6 +396,12 @@ IpInput(struct mbuf * bp)
cp = tun.data;
nb = 0;
for (wp = bp; wp; wp = wp->next) { /* Copy to contiguous region */
+ if (sizeof tun.data - (cp - tun.data) < wp->cnt) {
+ LogPrintf(LogERROR, "IpInput: Packet too large (%d) - dropped\n",
+ plength(bp));
+ pfree(bp);
+ return;
+ }
memcpy(cp, MBUF_CTOP(wp), wp->cnt);
cp += wp->cnt;
nb += wp->cnt;
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-15 23:59:29 +0000