ppp: don't die on malformed PADS frames that might appear on instable DSL lines

SVN-Revision: 25044
This commit is contained in:
Jo-Philipp Wich 2011-01-19 02:00:57 +00:00
parent 18ed5bca9b
commit 1868be702d
2 changed files with 110 additions and 1 deletions

View File

@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=ppp
PKG_VERSION:=2.4.4
PKG_RELEASE:=15
PKG_RELEASE:=16
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=ftp://ftp.samba.org/pub/ppp/

View File

@ -0,0 +1,109 @@
--- a/pppd/plugins/rp-pppoe/common.c
+++ b/pppd/plugins/rp-pppoe/common.c
@@ -75,7 +75,9 @@ parsePacket(PPPoEPacket *packet, ParseFu
error("Invalid PPPoE tag length (%u)", tagLen);
return -1;
}
- func(tagType, tagLen, curTag+TAG_HDR_SIZE, extra);
+ if (func(tagType, tagLen, curTag+TAG_HDR_SIZE, extra)) {
+ return -1;
+ }
curTag = curTag + TAG_HDR_SIZE + tagLen;
}
return 0;
--- a/pppd/plugins/rp-pppoe/discovery.c
+++ b/pppd/plugins/rp-pppoe/discovery.c
@@ -48,7 +48,7 @@ static char const RCSID[] =
*%DESCRIPTION:
* If a HostUnique tag is found which matches our PID, sets *extra to 1.
***********************************************************************/
-void
+int
parseForHostUniq(UINT16_t type, UINT16_t len, unsigned char *data,
void *extra)
{
@@ -60,6 +60,7 @@ parseForHostUniq(UINT16_t type, UINT16_t
*val = 1;
}
}
+ return 0;
}
/**********************************************************************
@@ -102,7 +103,7 @@ packetIsForMe(PPPoEConnection *conn, PPP
*%DESCRIPTION:
* Picks interesting tags out of a PADO packet
***********************************************************************/
-void
+int
parsePADOTags(UINT16_t type, UINT16_t len, unsigned char *data,
void *extra)
{
@@ -181,6 +182,7 @@ parsePADOTags(UINT16_t type, UINT16_t le
}
break;
}
+ return 0;
}
/**********************************************************************
@@ -195,7 +197,7 @@ parsePADOTags(UINT16_t type, UINT16_t le
*%DESCRIPTION:
* Picks interesting tags out of a PADS packet
***********************************************************************/
-void
+int
parsePADSTags(UINT16_t type, UINT16_t len, unsigned char *data,
void *extra)
{
@@ -205,17 +207,21 @@ parsePADSTags(UINT16_t type, UINT16_t le
dbglog("PADS: Service-Name: '%.*s'", (int) len, data);
break;
case TAG_SERVICE_NAME_ERROR:
- fatal("PADS: Service-Name-Error: %.*s", (int) len, data);
+ error("PADS: Service-Name-Error: %.*s", (int) len, data);
+ return -1;
case TAG_AC_SYSTEM_ERROR:
- fatal("PADS: System-Error: %.*s", (int) len, data);
+ error("PADS: System-Error: %.*s", (int) len, data);
+ return -1;
case TAG_GENERIC_ERROR:
- fatal("PADS: Generic-Error: %.*s", (int) len, data);
+ error("PADS: Generic-Error: %.*s", (int) len, data);
+ return -1;
case TAG_RELAY_SESSION_ID:
conn->relayId.type = htons(type);
conn->relayId.length = htons(len);
memcpy(conn->relayId.payload, data, len);
break;
}
+ return 0;
}
/***********************************************************************
@@ -532,9 +538,11 @@ waitForPADS(PPPoEConnection *conn, int t
/* Is it PADS? */
if (packet.code == CODE_PADS) {
/* Parse for goodies */
- parsePacket(&packet, parsePADSTags, conn);
- conn->discoveryState = STATE_SESSION;
- break;
+ if (!parsePacket(&packet, parsePADSTags, conn))
+ {
+ conn->discoveryState = STATE_SESSION;
+ break;
+ }
}
} while (conn->discoveryState != STATE_SESSION);
--- a/pppd/plugins/rp-pppoe/pppoe.h
+++ b/pppd/plugins/rp-pppoe/pppoe.h
@@ -238,7 +238,7 @@ typedef struct PPPoETagStruct {
#define READ_CHUNK 4096
/* Function passed to parsePacket */
-typedef void ParseFunc(UINT16_t type,
+typedef int ParseFunc(UINT16_t type,
UINT16_t len,
unsigned char *data,
void *extra);