diff options
Diffstat (limited to 'usr.sbin/ppp/ipcp.c')
-rw-r--r-- | usr.sbin/ppp/ipcp.c | 48 |
1 files changed, 28 insertions, 20 deletions
diff --git a/usr.sbin/ppp/ipcp.c b/usr.sbin/ppp/ipcp.c index 9094845..3a410d1 100644 --- a/usr.sbin/ppp/ipcp.c +++ b/usr.sbin/ppp/ipcp.c @@ -192,6 +192,10 @@ ipcp_LoadDNS(struct ipcp *ipcp) if (fstat(fd, &st) == 0) { ssize_t got; + /* + * Note, ns.resolv and ns.resolv_nons are assumed to always point to + * buffers of the same size! See the strcpy() below. + */ if ((ipcp->ns.resolv_nons = (char *)malloc(st.st_size + 1)) == NULL) log_Printf(LogERROR, "Failed to malloc %lu for %s: %s\n", (unsigned long)st.st_size, _PATH_RESCONF, strerror(errno)); @@ -252,6 +256,10 @@ ipcp_LoadDNS(struct ipcp *ipcp) else cp++; } + /* + * Note, cp_nons and cp always point to buffers of the same size, so + * strcpy is ok! + */ strcpy(cp_nons, cp); /* Copy the end - including the NUL */ cp_nons += strlen(cp_nons) - 1; while (cp_nons >= ipcp->ns.resolv_nons && *cp_nons == '\n') @@ -746,7 +754,7 @@ IpcpSendConfigReq(struct fsm *fp) /* Send config REQ please */ struct physical *p = link2physical(fp->link); struct ipcp *ipcp = fsm2ipcp(fp); - u_char buff[24]; + u_char buff[MAX_FSM_OPT_LEN]; struct fsm_opt *o; o = (struct fsm_opt *)buff; @@ -1045,7 +1053,7 @@ IpcpDecodeConfig(struct fsm *fp, u_char *cp, u_char *end, int mode_type, struct ipcp *ipcp = fsm2ipcp(fp); int gotdnsnak; u_int32_t compproto; - struct compreq *pcomp; + struct compreq pcomp; struct in_addr ipaddr, dstipaddr, have_ip; char tbuff[100], tbuff2[100]; struct fsm_opt *opt, nak; @@ -1093,9 +1101,9 @@ IpcpDecodeConfig(struct fsm *fp, u_char *cp, u_char *end, int mode_type, break; case TY_COMPPROTO: - pcomp = (struct compreq *)opt->data; - compproto = (ntohs(pcomp->proto) << 16) + ((int)pcomp->slots << 8) + - pcomp->compcid; + memcpy(&pcomp, opt->data, sizeof pcomp); + compproto = (ntohs(pcomp.proto) << 16) + ((int)pcomp.slots << 8) + + pcomp.compcid; log_Printf(LogIPCP, "%s %s\n", tbuff, vj2asc(compproto)); switch (mode_type) { @@ -1105,14 +1113,14 @@ IpcpDecodeConfig(struct fsm *fp, u_char *cp, u_char *end, int mode_type, else { switch (opt->hdr.len) { case 4: /* RFC1172 */ - if (ntohs(pcomp->proto) == PROTO_VJCOMP) { + if (ntohs(pcomp.proto) == PROTO_VJCOMP) { log_Printf(LogWARN, "Peer is speaking RFC1172 compression " "protocol !\n"); ipcp->heis1172 = 1; ipcp->peer_compproto = compproto; fsm_ack(dec, opt); } else { - pcomp->proto = htons(PROTO_VJCOMP); + pcomp.proto = htons(PROTO_VJCOMP); nak.hdr.id = TY_COMPPROTO; nak.hdr.len = 4; memcpy(nak.data, &pcomp, 2); @@ -1120,9 +1128,9 @@ IpcpDecodeConfig(struct fsm *fp, u_char *cp, u_char *end, int mode_type, } break; case 6: /* RFC1332 */ - if (ntohs(pcomp->proto) == PROTO_VJCOMP) { - /* We know pcomp->slots' max value == MAX_VJ_STATES */ - if (pcomp->slots >= MIN_VJ_STATES) { + if (ntohs(pcomp.proto) == PROTO_VJCOMP) { + /* We know pcomp.slots' max value == MAX_VJ_STATES */ + if (pcomp.slots >= MIN_VJ_STATES) { /* Ok, we can do that */ ipcp->peer_compproto = compproto; ipcp->heis1172 = 0; @@ -1130,7 +1138,7 @@ IpcpDecodeConfig(struct fsm *fp, u_char *cp, u_char *end, int mode_type, } else { /* Get as close as we can to what he wants */ ipcp->heis1172 = 0; - pcomp->slots = MIN_VJ_STATES; + pcomp.slots = MIN_VJ_STATES; nak.hdr.id = TY_COMPPROTO; nak.hdr.len = 4; memcpy(nak.data, &pcomp, 2); @@ -1138,9 +1146,9 @@ IpcpDecodeConfig(struct fsm *fp, u_char *cp, u_char *end, int mode_type, } } else { /* What we really want */ - pcomp->proto = htons(PROTO_VJCOMP); - pcomp->slots = DEF_VJ_STATES; - pcomp->compcid = 1; + pcomp.proto = htons(PROTO_VJCOMP); + pcomp.slots = DEF_VJ_STATES; + pcomp.compcid = 1; nak.hdr.id = TY_COMPPROTO; nak.hdr.len = 6; memcpy(nak.data, &pcomp, sizeof pcomp); @@ -1155,12 +1163,12 @@ IpcpDecodeConfig(struct fsm *fp, u_char *cp, u_char *end, int mode_type, break; case MODE_NAK: - if (ntohs(pcomp->proto) == PROTO_VJCOMP) { - /* We know pcomp->slots' max value == MAX_VJ_STATES */ - if (pcomp->slots < MIN_VJ_STATES) - pcomp->slots = MIN_VJ_STATES; - compproto = (ntohs(pcomp->proto) << 16) + (pcomp->slots << 8) + - pcomp->compcid; + if (ntohs(pcomp.proto) == PROTO_VJCOMP) { + /* We know pcomp.slots' max value == MAX_VJ_STATES */ + if (pcomp.slots < MIN_VJ_STATES) + pcomp.slots = MIN_VJ_STATES; + compproto = (ntohs(pcomp.proto) << 16) + (pcomp.slots << 8) + + pcomp.compcid; } else compproto = 0; log_Printf(LogIPCP, "%s changing compproto: %08x --> %08x\n", |