diff options
| -rw-r--r-- | sys/net/if_spppsubr.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c index b5d7c1f5a5b..79568cf9311 100644 --- a/sys/net/if_spppsubr.c +++ b/sys/net/if_spppsubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_spppsubr.c,v 1.53 2007/08/07 17:15:13 canacar Exp $ */ +/* $OpenBSD: if_spppsubr.c,v 1.54 2007/08/14 18:11:46 canacar Exp $ */ /* * Synchronous PPP/Cisco link level subroutines. * Keepalive protocol implemented in both Cisco and PPP modes. @@ -469,6 +469,25 @@ sppp_input(struct ifnet *ifp, struct mbuf *m) return; } + if (m->m_pkthdr.len > MCLBYTES) { + /* Too large packet, drop it. */ + if (debug) + log(LOG_DEBUG, + SPP_FMT "input packet is too large, %d bytes\n", + SPP_ARGS(ifp), m->m_pkthdr.len); + goto drop; + } + + m = m_pullup2(m, m->m_pkthdr.len); + if (m == NULL) { + if (debug) + log(LOG_DEBUG, + SPP_FMT "m_pullup2() failed!\n", SPP_ARGS(ifp)); + ++ifp->if_ierrors; + ++ifp->if_iqdrops; + return; + } + if (sp->pp_flags & PP_NOFRAMING) { prej = mtod(m, void *); memcpy(&ht.protocol, prej, sizeof(ht.protocol)); |