ppp: Reject FSM messages whose length is smaller than the message header
PR: 271843 Reported by: Robert Morris <rtm@lcs.mit.edu> Reviewed by: des, emaste Differential Revision: https://reviews.freebsd.org/D57139
This commit is contained in:
@@ -1060,6 +1060,12 @@ fsm_Input(struct fsm *fp, struct mbuf *bp)
|
||||
m_freem(bp);
|
||||
return;
|
||||
}
|
||||
if (ntohs(lh.length) < sizeof(lh)) {
|
||||
log_Printf(LogWARN, "%s: Header length %d is too small - dropped\n",
|
||||
fp->link->name, (int)ntohs(lh.length));
|
||||
m_freem(bp);
|
||||
return;
|
||||
}
|
||||
|
||||
if (lh.code < fp->min_code || lh.code > fp->max_code ||
|
||||
lh.code > sizeof FsmCodes / sizeof *FsmCodes) {
|
||||
|
||||
Reference in New Issue
Block a user