summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorDenys Fedoryshchenko <denys.f@collabora.com>2025-11-26 20:38:02 +0200
committerDenys Fedoryshchenko <denys.f@collabora.com>2025-11-26 20:39:13 +0200
commit2bbf451b94a3a9a96cdc8cbdb60a559f275dc0e6 (patch)
tree3c91642b8ed391aee50ee3d3067d98897c56b2f9 /docs
parentd013d3ff2150ca425ff13ce69d0eab394153803a (diff)
downloadaccel-ppp-2bbf451b94a3a9a96cdc8cbdb60a559f275dc0e6.tar.gz
accel-ppp-2bbf451b94a3a9a96cdc8cbdb60a559f275dc0e6.zip
l2tp: fix buffer overflow and type errors in Calling/Called Number handling
Fix issues introduced in 88a2ebdb: - Fix type declaration: uint8_t *calling[254] declared an array of 254 pointers instead of an array of 254 bytes. Remove erroneous asterisks. - Fix buffer overflow vulnerability: L2TP AVP values can be up to 1017 bytes (L2TP_AVP_LEN_MASK - sizeof(avp_header)), but buffers were only 254(*4?) bytes. A malicious packet could cause stack buffer overflow. Use L2TP_AVP_LEN_MASK (1023) for buffer size to handle maximum AVP length. - Remove useless NULL checks: Stack-allocated arrays can never be NULL, causing compiler warnings. The existence check is n > 0 / m > 1. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
Diffstat (limited to 'docs')
0 files changed, 0 insertions, 0 deletions