summaryrefslogtreecommitdiff
path: root/accel-pppd/extra
diff options
context:
space:
mode:
authorDenys Fedoryshchenko <denys.f@collabora.com>2024-03-10 17:34:00 +0200
committerDenys Fedoryshchenko <denys.f@collabora.com>2024-03-10 17:35:33 +0200
commit78db7640db0e2afa8403d721fd241ae901ba0bde (patch)
tree46453cc95ba697464e27f482fc9c29a3414a1bbd /accel-pppd/extra
parent827431d1b60bbd0ce140394e888b73d05f095ff1 (diff)
downloadaccel-ppp-78db7640db0e2afa8403d721fd241ae901ba0bde.tar.gz
accel-ppp-78db7640db0e2afa8403d721fd241ae901ba0bde.zip
Add safeguards to parse_gw_ip_address helper functions
In case of invalid configuration we might get stack overflow with unexpected consequences. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
Diffstat (limited to 'accel-pppd/extra')
-rw-r--r--accel-pppd/extra/chap-secrets.c13
-rw-r--r--accel-pppd/extra/ippool.c3
2 files changed, 16 insertions, 0 deletions
diff --git a/accel-pppd/extra/chap-secrets.c b/accel-pppd/extra/chap-secrets.c
index 849ceef1..b486bb11 100644
--- a/accel-pppd/extra/chap-secrets.c
+++ b/accel-pppd/extra/chap-secrets.c
@@ -739,9 +739,22 @@ static void parse_gw_ip_address(const char *opt)
const char *ptr = strchr(opt, '/');
if (ptr) {
+ // safeguard, we don't want to overflow/underflow addr
+ if (ptr - opt > 16 || ptr - opt < 7) {
+ log_error("chap-secrets: invalid gw-ip-address %s\n", opt);
+ conf_gw_ip_address = 0;
+ conf_netmask = 0;
+ return;
+ }
memcpy(addr, opt, ptr - opt);
addr[ptr - opt] = 0;
conf_gw_ip_address = inet_addr(addr);
+ // safeguard, if / is the last character, then ptr + 1 == NULL
+ if (!ptr[1]) {
+ log_error("chap-secrets: invalid netmask %s\n", ptr);
+ conf_netmask = 32;
+ return;
+ }
conf_netmask = atoi(ptr + 1);
if (conf_netmask < 0 || conf_netmask > 32) {
log_error("chap-secrets: invalid netmask %i\n", conf_netmask);
diff --git a/accel-pppd/extra/ippool.c b/accel-pppd/extra/ippool.c
index 6ba2b5df..3ae48e95 100644
--- a/accel-pppd/extra/ippool.c
+++ b/accel-pppd/extra/ippool.c
@@ -108,6 +108,9 @@ static void parse_gw_ip_address(const char *val)
ptr = strchr(val, '/');
if (ptr) {
+ // safeguard, don't crash on oversized or undersized strings
+ if (ptr - val > 15 || ptr - val < 7)
+ return;
memcpy(addr, val, ptr - val);
addr[ptr - val] = 0;
conf_gw_ip_address = inet_addr(addr);