mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-12-26 12:13:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

PPP, L2TP, check source ip address and port

Browse Source 
Improve L2TP defensiveness by checking source ip address and port
of input packets.
This commit is contained in:
Sylvain Rochet 2015-03-01 21:12:48 +01:00
parent 1bee131d52
commit 52f2221be9
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/netif/ppp/pppol2tp.c
View File

@ -349,6 +349,15 @@ static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const
goto free_and_return; goto free_and_return;
} }
if (!ip_addr_cmp(&l2tp->remote_ip, addr)) {
goto free_and_return;
}
/* discard packet if port mismatch, but only if we received a SCCRP */
if (l2tp->phase > PPPOL2TP_STATE_SCCRQ_SENT && l2tp->tunnel_port != port) {
goto free_and_return;
}
/* printf("-----------\nL2TP INPUT, %d\n", p->len); */ /* printf("-----------\nL2TP INPUT, %d\n", p->len); */
p = ppp_singlebuf(p); p = ppp_singlebuf(p);