From c9568142723fb3671c8a8e7d21d6274a2ef01c58 Mon Sep 17 00:00:00 2001 From: brian Date: Fri, 14 May 1999 09:35:51 +0000 Subject: Ensure that we're not going to overflow our ``struct tun'' when we mbuf_Read() into it. Add the link name to a few diagnostics. --- usr.sbin/ppp/ip.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'usr.sbin/ppp/ip.c') diff --git a/usr.sbin/ppp/ip.c b/usr.sbin/ppp/ip.c index cc471a5..f6acf85 100644 --- a/usr.sbin/ppp/ip.c +++ b/usr.sbin/ppp/ip.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ip.c,v 1.59 1999/05/08 11:06:42 brian Exp $ + * $Id: ip.c,v 1.60 1999/05/09 20:02:19 brian Exp $ * * TODO: * o Return ICMP message for filterd packet @@ -395,6 +395,12 @@ ip_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) tun_fill_header(tun, AF_INET); nb = mbuf_Length(bp); + if (nb > sizeof tun.data) { + log_Printf(LogWARN, "ip_Input: %s: Packet too large (got %d, max %d)\n", + l->name, nb, (int)(sizeof tun.data)); + mbuf_Free(bp); + return NULL; + } mbuf_Read(bp, tun.data, nb); if (PacketCheck(bundle, tun.data, nb, &bundle->filter.in) < 0) @@ -410,9 +416,10 @@ ip_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) nw = write(bundle->dev.fd, &tun, nb); if (nw != nb) { if (nw == -1) - log_Printf(LogERROR, "ip_Input: wrote %d, got %s\n", nb, strerror(errno)); + log_Printf(LogERROR, "ip_Input: %s: wrote %d, got %s\n", + l->name, nb, strerror(errno)); else - log_Printf(LogERROR, "ip_Input: wrote %d, got %d\n", nb, nw); + log_Printf(LogERROR, "ip_Input: %s: wrote %d, got %d\n", l->name, nb, nw); } return NULL; -- cgit v1.1