From 85eeb1e3a9b977aa3728a40ff49136c90b39d210 Mon Sep 17 00:00:00 2001
From: YASUOKA Masahiko <yasuoka@cvs.openbsd.org>
Date: Fri, 13 Jun 2014 06:47:10 +0000
Subject: KASSERT in pipex_ppp_input() fails if a compressed PPP frame is
 received by the pipex session whose mppe is not accepted.  Fix
 ppp_common_input() to not pass such frames to pipex.

---
 sys/net/pipex.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/sys/net/pipex.c b/sys/net/pipex.c
index cba7ad53ea5..2fec5362900 100644
--- a/sys/net/pipex.c
+++ b/sys/net/pipex.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pipex.c,v 1.52 2014/06/13 06:44:11 yasuoka Exp $	*/
+/*	$OpenBSD: pipex.c,v 1.53 2014/06/13 06:47:09 yasuoka Exp $	*/
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -1040,9 +1040,13 @@ pipex_ppp_input(struct mbuf *m0, struct pipex_session *session, int decrypted)
 
 	proto = pipex_ppp_proto(m0, session, 0, &hlen);
 #ifdef PIPEX_MPPE
-	if (pipex_session_is_mppe_accepted(session) && proto == PPP_COMP) {
+	if (proto == PPP_COMP) {
 		if (decrypted)
 			goto drop;
+
+		/* checked this on ppp_common_input() already. */
+		KASSERT(pipex_session_is_mppe_accepted(session));
+
 		m_adj(m0, hlen);
 		pipex_mppe_input(m0, session);
 		return;
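Review bot: The added `KASSERT(pipex_session_is_mppe_accepted(session))` turns a property of a received frame into a kernel assertion, so any path that reaches the `proto == PPP_COMP` branch without the filter in pipex_common_input() would panic a DIAGNOSTIC kernel. Where KASSERT is compiled out, the frame goes on to `pipex_mppe_input()` for a session whose MPPE was not accepted. Because the protocol field is supplied by the peer, failing closed is safer: `if (!pipex_session_is_mppe_accepted(session)) goto drop;`. The new comment also names `ppp_common_input()`, while the function patched in the next hunk is `pipex_common_input()`. Whether pipex_ppp_input() has other callers cannot be seen here, as its body starts and ends outside the hunk.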
@@ -1306,6 +1310,9 @@ pipex_common_input(struct pipex_session *session, struct mbuf *m0, int hlen,
 		break;
 
 	case PPP_COMP:
+		if (pipex_session_is_mppe_accepted(session))
+			break;
+		goto not_ours;
 #endif
 	case PPP_IP:
 #ifdef INET6
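Review bot: The check added under `case PPP_COMP:` is what the assertion in pipex_ppp_input() relies on, but nothing at this site says so, and a later edit to this switch could silently break that invariant. A comment above the test would record the coupling, e.g. `/* pipex_ppp_input() asserts MPPE is accepted for PPP_COMP; keep in sync */`. As a style point, the guard reads more directly as `if (!pipex_session_is_mppe_accepted(session)) goto not_ours;` followed by `break;`. The enclosing switch and the `not_ours` label lie outside the hunk.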
-- 
cgit v1.2.3