Diffstat (limited to 'usr.sbin/ppp')
-rw-r--r-- | usr.sbin/ppp/fsm.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/usr.sbin/ppp/fsm.c b/usr.sbin/ppp/fsm.c index f1124b5..1366921 100644 --- a/usr.sbin/ppp/fsm.c +++ b/usr.sbin/ppp/fsm.c @@ -976,9 +976,16 @@ fsm_Input(struct fsm *fp, struct mbuf *bp) } bp = mbuf_Read(bp, &lh, sizeof lh); - if (ntohs(lh.length) != len) + if (ntohs(lh.length) != len) { + if (ntohs(lh.length) > len) { + log_Printf(LogWARN, "%s: Oops: Got %d bytes but %d byte payload " + "- dropped\n", fp->link->name, len, (int)ntohs(lh.length)); + m_freem(bp); + return; + } log_Printf(LogWARN, "%s: Oops: Got %d bytes but %d byte payload\n", fp->link->name, len, (int)ntohs(lh.length)); + } if (lh.code < fp->min_code || lh.code > fp->max_code || lh.code > sizeof FsmCodes / sizeof *FsmCodes) { |
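Review bot: The new drop path in fsm_Input() only covers a declared length larger than the bytes received; a header whose `lh.length` is smaller than `sizeof lh` still falls through to the plain warning and on to the code dispatch. If the handlers further down derive the option length from `ntohs(lh.length) - sizeof lh` (not visible in this hunk), that value would go negative for such a peer-supplied header, so I would reject it here as well: `if (ntohs(lh.length) > len || ntohs(lh.length) < sizeof lh) {`. It would also read more easily with the converted value held in one local rather than calling `ntohs(lh.length)` four times. The function starts and ends outside the hunk, so the downstream use of the length should be confirmed against the full file.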