summaryrefslogtreecommitdiff
path: root/accel-pppd/ctrl/l2tp
diff options
context:
space:
mode:
authorGuillaume Nault <g.nault@alphalink.fr>2014-03-28 21:07:57 +0100
committerDmitry Kozlov <xeb@mail.ru>2014-04-01 06:48:02 +0400
commit2833f3c88c9d1db61a36562b82e8c73d9f59e615 (patch)
tree5891acb55d373bd793f02b12e2acd60d72e7e8ac /accel-pppd/ctrl/l2tp
parentf0a59abc71b44ab229fac7b2f6fea60aad99427a (diff)
downloadaccel-ppp-2833f3c88c9d1db61a36562b82e8c73d9f59e615.tar.gz
accel-ppp-2833f3c88c9d1db61a36562b82e8c73d9f59e615.zip
l2tp: add missing state verification on message reception
Verify tunnel or session states before handling HELLO, StopCCN and CDN messages. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Diffstat (limited to 'accel-pppd/ctrl/l2tp')
-rw-r--r--accel-pppd/ctrl/l2tp/l2tp.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
index a63b0a02..10e7290d 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.c
+++ b/accel-pppd/ctrl/l2tp/l2tp.c
@@ -2666,6 +2666,12 @@ static int l2tp_recv_StopCCN(struct l2tp_conn_t *conn,
uint16_t res = 0;
uint16_t err = 0;
+ if (conn->state == STATE_CLOSE) {
+ log_tunnel(log_warn, conn, "discarding unexpected StopCCN\n");
+
+ return 0;
+ }
+
log_tunnel(log_info2, conn, "handling StopCCN\n");
list_for_each_entry(attr, &pack->attrs, entry) {
@@ -2732,6 +2738,12 @@ static int l2tp_recv_StopCCN(struct l2tp_conn_t *conn,
static int l2tp_recv_HELLO(struct l2tp_conn_t *conn,
const struct l2tp_packet_t *pack)
{
+ if (conn->state != STATE_ESTB) {
+ log_tunnel(log_warn, conn, "discarding unexpected HELLO\n");
+
+ return 0;
+ }
+
log_tunnel(log_debug, conn, "handling HELLO\n");
if (l2tp_send_ZLB(conn) < 0) {
@@ -3334,6 +3346,12 @@ static int l2tp_recv_CDN(struct l2tp_sess_t *sess,
uint16_t res = 0;
uint16_t err = 0;
+ if (sess->state1 == STATE_CLOSE) {
+ log_session(log_warn, sess, "discarding unexpected CDN\n");
+
+ return 0;
+ }
+
log_session(log_info2, sess, "handling CDN\n");
list_for_each_entry(attr, &pack->attrs, entry) {