mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-12-25 18:14:53 +00:00
PPP, L2TP, check source ip address and port
Improve L2TP defensiveness by checking source ip address and port of input packets.
This commit is contained in:
parent
1bee131d52
commit
52f2221be9
@ -349,6 +349,15 @@ static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const
|
||||
goto free_and_return;
|
||||
}
|
||||
|
||||
if (!ip_addr_cmp(&l2tp->remote_ip, addr)) {
|
||||
goto free_and_return;
|
||||
}
|
||||
|
||||
/* discard packet if port mismatch, but only if we received a SCCRP */
|
||||
if (l2tp->phase > PPPOL2TP_STATE_SCCRQ_SENT && l2tp->tunnel_port != port) {
|
||||
goto free_and_return;
|
||||
}
|
||||
|
||||
/* printf("-----------\nL2TP INPUT, %d\n", p->len); */
|
||||
p = ppp_singlebuf(p);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user