hi,
this was spotted by coverity (id #891), when
len is equal to 4, we dont call sppp_lcp_conf_parse_options(),
to initialize rmagic.
Signed-off-by: Eric Sesterhenn <[email protected]>
--- linux-2.6.18-rc5/drivers/net/wan/syncppp.c.orig 2006-09-01 00:55:08.000000000 +0200
+++ linux-2.6.18-rc5/drivers/net/wan/syncppp.c 2006-09-01 00:55:45.000000000 +0200
@@ -505,14 +505,15 @@ static void sppp_lcp_input (struct sppp
skb->len, h);
break;
case LCP_CONF_REQ:
- if (len < 4) {
+ if (len <= 4) {
if (sp->pp_flags & PP_DEBUG)
printk (KERN_DEBUG"%s: invalid lcp configure request packet length: %d bytes\n",
dev->name, len);
break;
}
- if (len>4 && !sppp_lcp_conf_parse_options (sp, h, len, &rmagic))
+ if (!sppp_lcp_conf_parse_options (sp, h, len, &rmagic))
goto badreq;
+
if (rmagic == sp->lcp.magic) {
/* Local and remote magics equal -- loopback? */
if (sp->pp_loopcnt >= MAXALIVECNT*5) {
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
