sysmocom
/
ofono
mirror of git://git.sysmocom.de/ofono
11
0
Fork 0
Code Issues Releases Activity

ppp: fix segfault in pppcp_send_code_reject() 

fix memory corruption caused by misplaced paren when memcpying
rejected packet data into Code-Reject packet.
This commit is contained in:
Kristen Carlson Accardi 2010-03-26 18:34:26 -07:00 committed by Marcel Holtmann
parent 9bb65275eb
commit 909ab154a4
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
gatchat/ppp_cp.c
View File

@ -454,9 +454,12 @@ static void pppcp_send_code_reject(struct pppcp_data *data,
guint8 *rejected_packet)
{
struct pppcp_packet *packet;
struct pppcp_packet *old_packet =
(struct pppcp_packet *) rejected_packet;
packet = pppcp_packet_new(data, CODE_REJECT,
ntohs(((struct pppcp_packet *) rejected_packet)->length));
pppcp_trace(data);
packet = pppcp_packet_new(data, CODE_REJECT, ntohs(old_packet->length));
/*
* Identifier must be changed for each Code-Reject sent
@ -468,7 +471,7 @@ static void pppcp_send_code_reject(struct pppcp_data *data,
* truncated if it needs to be to comply with mtu requirement
*/
memcpy(packet->data, rejected_packet,
ntohs(packet->length - CP_HEADER_SZ));
ntohs(packet->length) - CP_HEADER_SZ);
ppp_transmit(data->ppp, pppcp_to_ppp_packet(packet),
ntohs(packet->length));