auth_chap: fixed incorrect check for received buffer size

author: Dmitry Kozlov <xeb@mail.ru> 2013-07-05 15:04:26 +0400
committer: Dmitry Kozlov <xeb@mail.ru> 2013-07-05 15:04:26 +0400
commit: 5b095342160fc5c7e7e5a42b202a2e7d535bb757 (patch)
tree: 74edc2e6546f4d48bf5e34d1827155aff5e8bd29
parent: d9e3b3f468475c5e1c81e65b70806f7d20c7a893 (diff)
download: accel-ppp-5b095342160fc5c7e7e5a42b202a2e7d535bb757.tar.gz
accel-ppp-5b095342160fc5c7e7e5a42b202a2e7d535bb757.zip
4 files changed, 5 insertions, 9 deletions
diff --git a/accel-pppd/auth/auth_chap_md5.c b/accel-pppd/auth/auth_chap_md5.c
index 7e14b8d..8aa3018 100644
--- a/accel-pppd/auth/auth_chap_md5.c
+++ b/accel-pppd/auth/auth_chap_md5.c
@@ -404,7 +404,7 @@ static void chap_recv(struct ppp_handler_t *h)
 	struct chap_auth_data_t *d = container_of(h, typeof(*d), h);
 	struct chap_hdr_t *hdr = (struct chap_hdr_t *)d->ppp->buf;
 
-	if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) < d->ppp->buf_size - 2)	{
+	if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) > d->ppp->buf_size - 2)	{
 		log_ppp_warn("chap-md5: short packet received\n");
 		return;
 	}
diff --git a/accel-pppd/auth/auth_mschap_v1.c b/accel-pppd/auth/auth_mschap_v1.c
index adfbc60..0dcaffd 100644
--- a/accel-pppd/auth/auth_mschap_v1.c
+++ b/accel-pppd/auth/auth_mschap_v1.c
@@ -470,7 +470,7 @@ static void chap_recv(struct ppp_handler_t *h)
 	struct chap_auth_data_t *d = container_of(h, typeof(*d), h);
 	struct chap_hdr_t *hdr = (struct chap_hdr_t *)d->ppp->buf;
 
-	if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) < d->ppp->buf_size - 2) {
+	if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) > d->ppp->buf_size - 2) {
 		log_ppp_warn("mschap-v1: short packet received\n");
 		return;
 	}
diff --git a/accel-pppd/auth/auth_mschap_v2.c b/accel-pppd/auth/auth_mschap_v2.c
index 444a9df..3ee2adc 100644
--- a/accel-pppd/auth/auth_mschap_v2.c
+++ b/accel-pppd/auth/auth_mschap_v2.c
@@ -607,7 +607,7 @@ static void chap_recv(struct ppp_handler_t *h)
 	struct chap_auth_data_t *d = container_of(h, typeof(*d), h);
 	struct chap_hdr_t *hdr = (struct chap_hdr_t *)d->ppp->buf;
 
-	if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) < d->ppp->buf_size - 2) {
+	if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) > d->ppp->buf_size - 2) {
 		log_ppp_warn("mschap-v2: short packet received\n");
 		return;
 	}
diff --git a/accel-pppd/main.c b/accel-pppd/main.c
index 365aee0..3b94353 100644
--- a/accel-pppd/main.c
+++ b/accel-pppd/main.c
@@ -146,9 +146,9 @@ void core_restart(int soft)
 	char *argv[16];
 	char *ptr = cmdline, *endptr;
 
-	if (fork()) {
+	if (soft && fork()) {
 		//close_all_fd();
-		_exit(0);
+		return;
 	}
 
 	pthread_sigmask(SIG_SETMASK, &orig_set, NULL);
@@ -224,11 +224,7 @@ static void sigsegv(int num)
 	}
 
 out:
-#ifdef USE_BACKUP
 	core_restart(1);
-#else
-	core_restart(0);
-#endif
 
 	if (conf_dump) {
 		lim.rlim_cur = RLIM_INFINITY;
author	Dmitry Kozlov <xeb@mail.ru>	2013-07-05 15:04:26 +0400
committer	Dmitry Kozlov <xeb@mail.ru>	2013-07-05 15:04:26 +0400
commit	5b095342160fc5c7e7e5a42b202a2e7d535bb757 (patch)
tree	74edc2e6546f4d48bf5e34d1827155aff5e8bd29
parent	d9e3b3f468475c5e1c81e65b70806f7d20c7a893 (diff)
download	accel-ppp-5b095342160fc5c7e7e5a42b202a2e7d535bb757.tar.gz accel-ppp-5b095342160fc5c7e7e5a42b202a2e7d535bb757.zip