From 49e020aaebd9e8ed6fc3e956784342057e443551 Mon Sep 17 00:00:00 2001
From: marcus <marcus@FreeBSD.org>
Date: Thu, 3 Mar 2005 03:06:37 +0000
Subject: Fix a problem in the Skinny ALG where a specially crafted packet
 could cause a libalias application (e.g.  natd, ppp, etc.) to crash.  Note:
 Skinny support is not enabled in natd or ppp by default.

Approved by:	secteam (nectar)
MFC after:	1 day
Secuiryt:	This fixes a remote DoS exploit
---
 sys/netinet/libalias/alias_skinny.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'sys/netinet')

diff --git a/sys/netinet/libalias/alias_skinny.c b/sys/netinet/libalias/alias_skinny.c
index 74c283c..d1e4a14 100644
--- a/sys/netinet/libalias/alias_skinny.c
+++ b/sys/netinet/libalias/alias_skinny.c
@@ -216,11 +216,11 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn
 void
 AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
 {
-	int hlen, tlen, dlen;
+	size_t hlen, tlen, dlen;
 	struct tcphdr *tc;
-	int32_t msgId, len, t, lip;
+	u_int32_t msgId, t, len, lip;
 	struct skinny_header *sd;
-	int orig_len, skinny_hdr_len = sizeof(struct skinny_header);
+	size_t orig_len, skinny_hdr_len = sizeof(struct skinny_header);
 	ConvDirection direction;
 
 	tc = (struct tcphdr *)ip_next(pip);
@@ -297,7 +297,7 @@ AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
 				return;
 			}
 #ifdef DEBUG
-			fprintf(stderr
+			fprintf(stderr,
 			    "PacketAlias/Skinny: Received ipport message\n");
 #endif
 			port_mesg = (struct IpPortMessage *)&sd->msgId;
-- 
cgit v1.1