diff options
author | Guillaume Nault <g.nault@alphalink.fr> | 2014-03-28 21:07:57 +0100 |
---|---|---|
committer | Dmitry Kozlov <xeb@mail.ru> | 2014-04-01 06:48:02 +0400 |
commit | 2833f3c88c9d1db61a36562b82e8c73d9f59e615 (patch) | |
tree | 5891acb55d373bd793f02b12e2acd60d72e7e8ac /accel-pppd/ctrl/l2tp | |
parent | f0a59abc71b44ab229fac7b2f6fea60aad99427a (diff) | |
download | accel-ppp-2833f3c88c9d1db61a36562b82e8c73d9f59e615.tar.gz accel-ppp-2833f3c88c9d1db61a36562b82e8c73d9f59e615.zip |
l2tp: add missing state verification on message reception
Verify tunnel or session states before handling HELLO, StopCCN and CDN
messages.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Diffstat (limited to 'accel-pppd/ctrl/l2tp')
-rw-r--r-- | accel-pppd/ctrl/l2tp/l2tp.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c index a63b0a02..10e7290d 100644 --- a/accel-pppd/ctrl/l2tp/l2tp.c +++ b/accel-pppd/ctrl/l2tp/l2tp.c @@ -2666,6 +2666,12 @@ static int l2tp_recv_StopCCN(struct l2tp_conn_t *conn, uint16_t res = 0; uint16_t err = 0; + if (conn->state == STATE_CLOSE) { + log_tunnel(log_warn, conn, "discarding unexpected StopCCN\n"); + + return 0; + } + log_tunnel(log_info2, conn, "handling StopCCN\n"); list_for_each_entry(attr, &pack->attrs, entry) { @@ -2732,6 +2738,12 @@ static int l2tp_recv_StopCCN(struct l2tp_conn_t *conn, static int l2tp_recv_HELLO(struct l2tp_conn_t *conn, const struct l2tp_packet_t *pack) { + if (conn->state != STATE_ESTB) { + log_tunnel(log_warn, conn, "discarding unexpected HELLO\n"); + + return 0; + } + log_tunnel(log_debug, conn, "handling HELLO\n"); if (l2tp_send_ZLB(conn) < 0) { @@ -3334,6 +3346,12 @@ static int l2tp_recv_CDN(struct l2tp_sess_t *sess, uint16_t res = 0; uint16_t err = 0; + if (sess->state1 == STATE_CLOSE) { + log_session(log_warn, sess, "discarding unexpected CDN\n"); + + return 0; + } + log_session(log_info2, sess, "handling CDN\n"); list_for_each_entry(attr, &pack->attrs, entry) { |