diff options
| author |   Daniel Black <dragonheart@gentoo.org> | 2004-10-30 12:38:53 +0000 |
|---|---|---|
| committer | Daniel Black <dragonheart@gentoo.org> | 2004-10-30 12:38:53 +0000 |
| commit | fc9fb0610a4168d7944bc09a93106dd295377e35 (patch) | |
| tree | 96d982233d2dc44b2a757c0242f161de706936be /net-dialup/ppp/files | |
| parent | Added to ~ppc (Manifest recommit) (diff) | |
| download | gentoo-2-fc9fb0610a4168d7944bc09a93106dd295377e35.tar.gz gentoo-2-fc9fb0610a4168d7944bc09a93106dd295377e35.tar.bz2 gentoo-2-fc9fb0610a4168d7944bc09a93106dd295377e35.zip | |
Added patch cbcp-dosfix.patch to fix remote DOS as per bug #69152.
Diffstat (limited to 'net-dialup/ppp/files')
| -rw-r--r-- | net-dialup/ppp/files/2.4.2/cbcp-dosfix.patch | 151 | ||||
| -rw-r--r-- | net-dialup/ppp/files/digest-ppp-2.4.2-r7 | 3 |
2 files changed, 154 insertions, 0 deletions
diff --git a/net-dialup/ppp/files/2.4.2/cbcp-dosfix.patch b/net-dialup/ppp/files/2.4.2/cbcp-dosfix.patch new file mode 100644 index 000000000000..bcac2ba99f5b --- /dev/null +++ b/net-dialup/ppp/files/2.4.2/cbcp-dosfix.patch @@ -0,0 +1,151 @@ +--- ppp-2.4.2/pppd/cbcp.c 2004-10-28 15:14:19.231292272 -0400 ++++ ppp-cvs/pppd/cbcp.c 2004-10-27 20:15:36.000000000 -0400 +@@ -33,7 +33,7 @@ + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +-#define RCSID "$Id: cbcp-dosfix.patch,v 1.1 2004/10/30 12:38:53 dragonheart Exp $" ++#define RCSID "$Id: cbcp-dosfix.patch,v 1.1 2004/10/30 12:38:53 dragonheart Exp $" + + #include <stdio.h> + #include <string.h> +@@ -165,7 +165,8 @@ + inp = inpacket; + + if (pktlen < CBCP_MINLEN) { +- error("CBCP packet is too small"); ++ if (debug) ++ dbglog("CBCP packet is too small"); + return; + } + +@@ -173,12 +174,11 @@ + GETCHAR(id, inp); + GETSHORT(len, inp); + +-#if 0 +- if (len > pktlen) { +- error("CBCP packet: invalid length"); ++ if (len > pktlen || len < CBCP_MINLEN) { ++ if (debug) ++ dbglog("CBCP packet: invalid length %d", len); + return; + } +-#endif + + len -= CBCP_MINLEN; + +@@ -189,11 +189,12 @@ + break; + + case CBCP_RESP: +- dbglog("CBCP_RESP received"); ++ if (debug) ++ dbglog("CBCP_RESP received"); + break; + + case CBCP_ACK: +- if (id != us->us_id) ++ if (debug && id != us->us_id) + dbglog("id doesn't match: expected %d recv %d", + us->us_id, id); + +@@ -312,11 +313,13 @@ + + address[0] = 0; + +- while (len) { ++ while (len >= 2) { + dbglog("length: %d", len); + + GETCHAR(type, pckt); + GETCHAR(opt_len, pckt); ++ if (opt_len < 2 || opt_len > len) ++ break; + + if (opt_len > 2) + GETCHAR(delay, pckt); +@@ -348,6 +351,11 @@ + } + len -= opt_len; + } ++ if (len != 0) { ++ if (debug) ++ dbglog("cbcp_recvreq: malformed packet (%d bytes left)", len); ++ return; ++ } + + cbcp_resp(us); + } +@@ -360,6 +368,7 @@ + u_char buf[256]; + u_char *bufp = buf; + int len = 0; ++ int slen; + + cb_type = us->us_allowed & us->us_type; + dbglog("cbcp_resp cb_type=%d", cb_type); +@@ -371,12 +380,17 @@ + + if (cb_type & ( 1 << CB_CONF_USER ) ) { + dbglog("cbcp_resp CONF_USER"); ++ slen = strlen(us->us_number); ++ if (slen > 250) { ++ warn("callback number truncated to 250 characters"); ++ slen = 250; ++ } + PUTCHAR(CB_CONF_USER, bufp); +- len = 3 + 1 + strlen(us->us_number) + 1; ++ len = 3 + 1 + slen + 1; + PUTCHAR(len , bufp); + PUTCHAR(5, bufp); /* delay */ + PUTCHAR(1, bufp); +- BCOPY(us->us_number, bufp, strlen(us->us_number) + 1); ++ BCOPY(us->us_number, bufp, slen + 1); + cbcp_send(us, CBCP_RESP, buf, len); + return; + } +@@ -438,25 +452,29 @@ + int opt_len; + char address[256]; + +- if (len) { ++ if (len >= 2) { + GETCHAR(type, pckt); + GETCHAR(opt_len, pckt); ++ if (opt_len >= 2 && opt_len <= len) { + +- if (opt_len > 2) +- GETCHAR(delay, pckt); ++ if (opt_len > 2) ++ GETCHAR(delay, pckt); + +- if (opt_len > 4) { +- GETCHAR(addr_type, pckt); +- memcpy(address, pckt, opt_len - 4); +- address[opt_len - 4] = 0; +- if (address[0]) +- dbglog("peer will call: %s", address); +- } +- if (type == CB_CONF_NO) +- return; +- } ++ if (opt_len > 4) { ++ GETCHAR(addr_type, pckt); ++ memcpy(address, pckt, opt_len - 4); ++ address[opt_len - 4] = 0; ++ if (address[0]) ++ dbglog("peer will call: %s", address); ++ } ++ if (type == CB_CONF_NO) ++ return; + +- cbcp_up(us); ++ cbcp_up(us); ++ ++ } else if (debug) ++ dbglog("cbcp_recvack: malformed packet"); ++ } + } + + /* ok peer will do callback */ diff --git a/net-dialup/ppp/files/digest-ppp-2.4.2-r7 b/net-dialup/ppp/files/digest-ppp-2.4.2-r7 new file mode 100644 index 000000000000..47080cb9dbd6 --- /dev/null +++ b/net-dialup/ppp/files/digest-ppp-2.4.2-r7 @@ -0,0 +1,3 @@ +MD5 362bcf218fba8afbb9afbee7471e5dac ppp-2.4.2.tar.gz 774441 +MD5 0d2679907627f68dd6a2c32d1c7dda90 ppp-2.4.2-mppe-mppc-1.1.patch.gz 12532 +MD5 9d2f3febf510c5b0cbb4dacba713a217 ppp-dhcpc.tgz 33497 |