From 25e398a8f0184c4342d02b43a9032ac6fc865235 Mon Sep 17 00:00:00 2001
From: Sylvain Rochet
Date: Tue, 15 Apr 2014 22:55:28 +0200
Subject: [PATCH] PPP, from PPPD upstream, accept IPCP ConfAck packets containing MS-WINS options

pppd: Accept IPCP ConfAck packets containing MS-WINS options
Since last week I'm seeing IPCP negotiations going like this (and eventually failing) when connecting to my ISP:
Jul 11 20:03:25 * pppd[4833]: sent [IPCP ConfReq id=0x2 ]
Jul 11 20:03:26 * pppd[4833]: sent [IPCP ConfReq id=0x2 ]
Jul 11 20:03:26 * pppd[4833]: rcvd [IPCP ConfNak id=0x2 ]
Jul 11 20:03:26 * pppd[4833]: sent [IPCP ConfReq id=0x3 ]
Jul 11 20:03:26 * pppd[4833]: rcvd [IPCP ConfAck id=0x3 ]
Jul 11 20:03:27 * pppd[4833]: sent [IPCP ConfReq id=0x3 ]
... with the last two lines repeating until the IPCP error limit is reached. As you can see, the peer added two extra fields in the ConfNak reply. This is allowed, and indeed the following sent ConfReq packet reflects this. However, when the ConfAck packet is received, pppd discards it as invalid, because of the ms-wins fields. This fixes it.
---
 src/netif/ppp/ipcp.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/src/netif/ppp/ipcp.c b/src/netif/ppp/ipcp.c
index efe5d708..1944fc86 100644
--- a/src/netif/ppp/ipcp.c
+++ b/src/netif/ppp/ipcp.c
@@ -970,6 +970,21 @@ static int ipcp_ackci(fsm *f, u_char *p, int len) {
 goto bad; \
 }
+#define ACKCIWINS(opt, addr) \
+ if (addr) { \
+ u_int32_t l; \
+ if ((len -= CILEN_ADDR) < 0) \
+ goto bad; \
+ GETCHAR(citype, p); \
+ GETCHAR(cilen, p); \
+ if (cilen != CILEN_ADDR || citype != opt) \
+ goto bad; \
+ GETLONG(l, p); \
+ cilong = htonl(l); \
+ if (addr != cilong) \
+ goto bad; \
+ }
+
 ACKCIADDRS(CI_ADDRS, !go->neg_addr && go->old_addrs, go->ouraddr, go->hisaddr);
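Review bot: The new ACKCIWINS macro expands to a bare `if (addr) { … }` and silently relies on `len`, `p`, `citype`, `cilen`, `cilong` and the `bad` label of ipcp_ackci, and nothing at the definition says so. I would add a comment above it, for example `/* Expect the MS-WINS option only when addr is non-zero; consumes one CILEN_ADDR-sized option from p or jumps to bad. */`. `addr` and `opt` are also used unparenthesised and `addr` is evaluated twice, which is fine for the plain lvalue arguments passed later in this patch but would bite with a more complex expression; writing `(addr) != cilong` and `citype != (opt)` costs nothing. ipcp_ackci begins and ends outside this hunk, so the declarations of those locals are not visible here.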
@@ -982,6 +997,10 @@ static int ipcp_ackci(fsm *f, u_char *p, int len) {
 ACKCIDNS(CI_MS_DNS2, go->req_dns2, go->dnsaddr[1]);
+ ACKCIWINS(CI_MS_WINS1, go->winsaddr[0]);
+
+ ACKCIWINS(CI_MS_WINS2, go->winsaddr[1]);
+
 /*
 * If there are any remaining CIs, then this packet is bad.
 */
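Review bot: These two calls accept the ConfAck only if the MS-WINS options sit directly after MS-DNS2 and are present exactly when `go->winsaddr[n]` is non-zero, so they have to mirror the order and the condition used when the ConfReq is built. That request-building code is not part of this diff; if it places or gates the options differently, a well-formed ConfAck would still reach the remaining-CIs check below and be dropped. A comment above the calls, such as `/* Must match the order and conditions used when building the ConfReq. */`, would record the constraint. ipcp_ackci continues outside the hunk.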