mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-10-01 04:12:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

PPP, PPPoE: prevent integer overflows when computing packets length

Browse Source 
Check that service_name and concentrator_name strings length will not
trigger integer overflows when computing packets length.
This commit is contained in:
Sylvain Rochet 2020-10-16 19:27:46 +02:00
parent 678a7a4044
commit 49bbc2d4bf
1 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/netif/ppp/pppoe.c
View File

@ -175,12 +175,29 @@ ppp_pcb *pppoe_create(struct netif *pppif,
{
ppp_pcb *ppp;
struct pppoe_softc *sc;
#if !PPPOE_SCNAME_SUPPORT
#if PPPOE_SCNAME_SUPPORT
size_t l;
#else /* PPPOE_SCNAME_SUPPORT */
LWIP_UNUSED_ARG(service_name);
LWIP_UNUSED_ARG(concentrator_name);
#endif /* !PPPOE_SCNAME_SUPPORT */
#endif /* PPPOE_SCNAME_SUPPORT */
LWIP_ASSERT_CORE_LOCKED();
#if PPPOE_SCNAME_SUPPORT
/*
* Check that service_name and concentrator_name strings length will
* not trigger integer overflows when computing packets length.
*/
l = strlen(service_name);
if (l > 1024) {
return NULL;
}
l = strlen(concentrator_name);
if (l > 1024) {
return NULL;
}
#endif /* PPPOE_SCNAME_SUPPORT */
sc = (struct pppoe_softc *)LWIP_MEMPOOL_ALLOC(PPPOE_IF);
if (sc == NULL) {
return NULL;