mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-10-05 22:29:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

PPP, using PBUF_POOL instead of PBUF_RAM pbufs for PPP negociation packets

Browse Source 
PPP stack does not handle chained pbuf, but PPP negociation packets
are at most ~40 bytes long, so we are only checking if the payload
can fit into the allocated pbuf (p->tot_len == p->len).
This commit is contained in:
Sylvain Rochet 2012-08-27 00:47:21 +02:00
parent b84ab718b0
commit 045ee53468
5 changed files with 81 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/netif/ppp/chap-new.c
View File

@ -240,9 +240,13 @@ static void chap_timeout(void *arg) {
return;
}
p = pbuf_alloc(PBUF_RAW, (u16_t)(pcb->chap_server.challenge_pktlen), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(pcb->chap_server.challenge_pktlen), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
MEMCPY(p->payload, pcb->chap_server.challenge, pcb->chap_server.challenge_pktlen);
ppp_write(pcb, p);
++pcb->chap_server.challenge_xmits;
@ -334,9 +338,13 @@ static void chap_handle_response(ppp_pcb *pcb, int id,
/* send the response */
mlen = strlen(pcb->chap_server.message);
len = CHAP_HDRLEN + mlen;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +len), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +len), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
MAKEHEADER(outp, PPP_CHAP);
@ -427,9 +435,13 @@ static void chap_respond(ppp_pcb *pcb, int id,
char rname[MAXNAMELEN+1];
char secret[MAXSECRETLEN+1];
p = pbuf_alloc(PBUF_RAW, (u16_t)(RESP_MAX_PKTLEN), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(RESP_MAX_PKTLEN), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
if ((pcb->chap_client.flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED))
return; /* not ready */

49
src/netif/ppp/eap.c
View File

@ -266,9 +266,13 @@ eap_state *esp;
struct pbuf *p;
u_char *outp;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + EAP_HEADERLEN), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + EAP_HEADERLEN), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
@ -297,9 +301,13 @@ eap_state *esp;
struct pbuf *p;
u_char *outp;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + EAP_HEADERLEN), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + EAP_HEADERLEN), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
@ -696,10 +704,13 @@ eap_state *esp;
return;
}
/* FIXME: improve buffer size */
p = pbuf_alloc(PBUF_RAW, (u16_t)(pcb->peer_mru+PPP_HDRLEN), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PBUF_POOL_BUFSIZE), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
@ -1059,9 +1070,13 @@ static void eap_send_response(ppp_pcb *pcb, u_char id, u_char typenum, u_char *s
int msglen;
msglen = EAP_HEADERLEN + sizeof (u_char) + lenstr;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
@ -1089,9 +1104,13 @@ static void eap_chap_response(ppp_pcb *pcb, u_char id, u_char *hash, char *name,
msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_SIGNATURE_SIZE +
namelen;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
@ -1130,9 +1149,13 @@ int lenstr;
int msglen;
msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + lenstr;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
@ -1168,9 +1191,13 @@ u_char *str;
msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + sizeof (u32_t) +
SHA_DIGESTSIZE;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
@ -1195,9 +1222,13 @@ static void eap_send_nak(ppp_pcb *pcb, u_char id, u_char type) {
int msglen;
msglen = EAP_HEADERLEN + 2 * sizeof (u_char);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;

13
src/netif/ppp/fsm.c
View File

@ -706,10 +706,13 @@ static void fsm_sconfreq(fsm *f, int retransmit) {
f->seen_ack = 0;
/* FIXME: improve buffer size */
p = pbuf_alloc(PBUF_RAW, (u16_t)(pcb->peer_mru+PPP_HDRLEN), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PBUF_POOL_BUFSIZE), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
/*
* Make up the request packet
@ -756,9 +759,13 @@ void fsm_sdata(fsm *f, u_char code, u_char id, u_char *data, int datalen) {
datalen = pcb->peer_mru - HEADERLEN;
outlen = datalen + HEADERLEN;
p = pbuf_alloc(PBUF_RAW, (u16_t)(outlen + PPP_HDRLEN), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(outlen + PPP_HDRLEN), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
/* if (datalen && data != outp + PPP_HDRLEN + HEADERLEN) -- was only for fsm_sconfreq() */

7
src/netif/ppp/lcp.c
View File

@ -1779,9 +1779,14 @@ static int lcp_reqci(fsm *f, u_char *inp, int *lenp, int reject_if_disagree) {
* Process all his options.
*/
next = inp;
nakp = pbuf_alloc(PBUF_RAW, (u16_t)(pcb->peer_mru), PBUF_RAM);
nakp = pbuf_alloc(PBUF_RAW, (u16_t)(PBUF_POOL_BUFSIZE), PBUF_POOL);
if(NULL == nakp)
return 0;
if(nakp->tot_len != nakp->len) {
pbuf_free(nakp);
return 0;
}
nakoutp = nakp->payload;
rejp = inp;
while (l) {

12
src/netif/ppp/upap.c
View File

@ -530,9 +530,13 @@ static void upap_sauthreq(ppp_pcb *pcb) {
outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) +
pcb->upap.us_userlen + pcb->upap.us_passwdlen;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +outlen), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +outlen), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
MAKEHEADER(outp, PPP_PAP);
@ -563,9 +567,13 @@ static void upap_sresp(ppp_pcb *pcb, u_char code, u_char id, char *msg, int msgl
int outlen;
outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +outlen), PBUF_RAM);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +outlen), PBUF_POOL);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
MAKEHEADER(outp, PPP_PAP);