PPP, MPPE, drop unencrypted input packet if MPPE is required

Sylvain Rochet 2015-04-20 21:13:34 +02:00
parent b302cad46d
commit ced24f9215
3 changed files with 20 additions and 23 deletions


@ -173,9 +173,6 @@ void mppe_comp_reset(ppp_pcb *pcb, ppp_mppe_state *state);
err_t mppe_compress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb, u16_t protocol); err_t mppe_compress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb, u16_t protocol);
void mppe_decomp_reset(ppp_pcb *pcb, ppp_mppe_state *state); void mppe_decomp_reset(ppp_pcb *pcb, ppp_mppe_state *state);
err_t mppe_decompress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb); err_t mppe_decompress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb);
#if 0 /* unused */
void mppe_incomp(ppp_pcb *pcb, ppp_mppe_state *state, unsigned char *ibuf, int icnt);
#endif /* unused */
#endif /* MPPE_H */ #endif /* MPPE_H */
#endif /* PPP_SUPPORT && MPPE_SUPPORT */ #endif /* PPP_SUPPORT && MPPE_SUPPORT */


@ -389,24 +389,4 @@ mppe_decompress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb)
return ERR_OK; return ERR_OK;
} }
#if 0 /* unused */
/*
* Incompressible data has arrived (this should never happen!).
* We should probably drop the link if the protocol is in the range
* of what should be encrypted. At the least, we should drop this
* packet. (How to do this?)
*/
void mppe_incomp(ppp_pcb *pcb, ppp_mppe_state *state, unsigned char *ibuf, int icnt)
{
LWIP_UNUSED_ARG(state);
LWIP_UNUSED_ARG(icnt);
if (PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa) {
PPPDEBUG(LOG_DEBUG,
("mppe_incomp[%d]: incompressible (unencrypted) data! "
"(proto %04x)\n", pcb->netif->num, PPP_PROTOCOL(ibuf)));
}
}
#endif /* unused */
#endif /* PPP_SUPPORT && MPPE_SUPPORT */ #endif /* PPP_SUPPORT && MPPE_SUPPORT */


@ -760,6 +760,26 @@ void ppp_input(ppp_pcb *pcb, struct pbuf *pb) {
} }
#if CCP_SUPPORT #if CCP_SUPPORT
#if MPPE_SUPPORT
/*
* MPPE is required and unencrypted data has arrived (this
* should never happen!). We should probably drop the link if
* the protocol is in the range of what should be encrypted.
* At the least, we drop this packet.
*/
if (pcb->settings.require_mppe && (0
#if PPP_IPV4_SUPPORT
|| protocol == PPP_IP
#endif /* PPP_IPV4_SUPPORT */
#if PPP_IPV6_SUPPORT
|| protocol == PPP_IPV6
#endif /* PPP_IPV6_SUPPORT */
)) {
PPPDEBUG(LOG_ERR, ("ppp_input[%d]: MPPE required, received unencrypted data!\n", pcb->netif->num));
goto drop;
}
#endif /* MPPE_SUPPORT */
if (protocol == PPP_COMP) { if (protocol == PPP_COMP) {
u8_t *pl; u8_t *pl;
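Review bot: The new `require_mppe` check in ppp_input matches only `PPP_IP` and `PPP_IPV6`, so any other data protocol that arrives in cleartext still passes when MPPE is mandatory; the removed mppe_incomp() treated the whole 0x0021–0x00fa range as traffic that should be encrypted. If VJ-compressed frames or another network-layer protocol are dispatched further down in ppp_input, which is outside this hunk, they would not hit the drop. A range test closes that gap and removes the `#if` ladder: `if (pcb->settings.require_mppe && protocol >= 0x0021 && protocol <= 0x00fa) {`. The comment still says the link should probably be dropped; if a silent packet drop is the intended policy, say so there, since a peer that repeatedly sends cleartext is only visible through the `LOG_ERR` debug line. ppp_input's body starts and ends outside the hunk.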