From 52f2221be95bc67a76c4a299159ca9f72f89c569 Mon Sep 17 00:00:00 2001
From: Sylvain Rochet <gradator@gradator.net>
Date: Sun, 1 Mar 2015 21:12:48 +0100
Subject: [PATCH] PPP, L2TP, check source ip address and port

Improve L2TP defensiveness by checking source ip address and port
of input packets.
---
 src/netif/ppp/pppol2tp.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/netif/ppp/pppol2tp.c b/src/netif/ppp/pppol2tp.c
index f4868477..40cc292d 100644
--- a/src/netif/ppp/pppol2tp.c
+++ b/src/netif/ppp/pppol2tp.c
@@ -349,6 +349,15 @@ static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const
     goto free_and_return;
   }
 
+  if (!ip_addr_cmp(&l2tp->remote_ip, addr)) {
+    goto free_and_return;
+  }
+
+  /* discard packet if port mismatch, but only if we received a SCCRP */
+  if (l2tp->phase > PPPOL2TP_STATE_SCCRQ_SENT && l2tp->tunnel_port != port) {
+    goto free_and_return;
+  }
+
   /* printf("-----------\nL2TP INPUT, %d\n", p->len); */
   p = ppp_singlebuf(p);