From 85eeb1e3a9b977aa3728a40ff49136c90b39d210 Mon Sep 17 00:00:00 2001 From: YASUOKA Masahiko <yasuoka@cvs.openbsd.org> Date: Fri, 13 Jun 2014 06:47:10 +0000 Subject: KASSERT in pipex_ppp_input() fails if a compressed PPP frame is received by the pipex session whose mppe is not accepted. Fix ppp_common_input() to not pass such frames to pipex. --- sys/net/pipex.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/sys/net/pipex.c b/sys/net/pipex.c index cba7ad53ea5..2fec5362900 100644 --- a/sys/net/pipex.c +++ b/sys/net/pipex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pipex.c,v 1.52 2014/06/13 06:44:11 yasuoka Exp $ */ +/* $OpenBSD: pipex.c,v 1.53 2014/06/13 06:47:09 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -1040,9 +1040,13 @@ pipex_ppp_input(struct mbuf *m0, struct pipex_session *session, int decrypted) proto = pipex_ppp_proto(m0, session, 0, &hlen); #ifdef PIPEX_MPPE - if (pipex_session_is_mppe_accepted(session) && proto == PPP_COMP) { + if (proto == PPP_COMP) { if (decrypted) goto drop; + + /* checked this on ppp_common_input() already. */ + KASSERT(pipex_session_is_mppe_accepted(session)); + m_adj(m0, hlen); pipex_mppe_input(m0, session); return; @@ -1306,6 +1310,9 @@ pipex_common_input(struct pipex_session *session, struct mbuf *m0, int hlen, break; case PPP_COMP: + if (pipex_session_is_mppe_accepted(session)) + break; + goto not_ours; #endif case PPP_IP: #ifdef INET6 -- cgit v1.2.3