summaryrefslogtreecommitdiffstats
path: root/usr.sbin/ppp/fsm.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin/ppp/fsm.c')
-rw-r--r--usr.sbin/ppp/fsm.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/usr.sbin/ppp/fsm.c b/usr.sbin/ppp/fsm.c
index 48c7b2e..2e2a2ea 100644
--- a/usr.sbin/ppp/fsm.c
+++ b/usr.sbin/ppp/fsm.c
@@ -893,8 +893,10 @@ FsmRecvEchoReq(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
u_char *cp;
u_int32_t magic;
+ bp = mbuf_Contiguous(bp);
mbuf_SetType(bp, MB_ECHOIN);
- if (lcp && mbuf_Length(bp) >= 4) {
+
+ if (lcp && ntohs(lhp->length) - sizeof *lhp >= 4) {
cp = MBUF_CTOP(bp);
ua_ntohl(cp, &magic);
if (magic != lcp->his_magic) {
@@ -905,7 +907,8 @@ FsmRecvEchoReq(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
}
if (fp->state == ST_OPENED) {
ua_htonl(&lcp->want_magic, cp); /* local magic */
- fsm_Output(fp, CODE_ECHOREP, lhp->id, cp, mbuf_Length(bp), MB_ECHOOUT);
+ fsm_Output(fp, CODE_ECHOREP, lhp->id, cp,
+ ntohs(lhp->length) - sizeof *lhp, MB_ECHOOUT);
}
}
mbuf_Free(bp);
@@ -972,6 +975,11 @@ fsm_Input(struct fsm *fp, struct mbuf *bp)
return;
}
bp = mbuf_Read(bp, &lh, sizeof lh);
+
+ if (ntohs(lh.length) != len)
+ log_Printf(LogWARN, "%s: Oops: Got %d bytes but %d byte payload\n",
+ fp->link->name, len, (int)ntohs(lh.length));
+
if (lh.code < fp->min_code || lh.code > fp->max_code ||
lh.code > sizeof FsmCodes / sizeof *FsmCodes) {
/*
OpenPOWER on IntegriCloud