diff options
-rw-r--r-- | accel-pppd/ctrl/pppoe/pppoe.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/accel-pppd/ctrl/pppoe/pppoe.c b/accel-pppd/ctrl/pppoe/pppoe.c index 2659a6f..9608e9a 100644 --- a/accel-pppd/ctrl/pppoe/pppoe.c +++ b/accel-pppd/ctrl/pppoe/pppoe.c @@ -773,6 +773,7 @@ static void pppoe_recv_PADI(struct pppoe_serv_t *serv, uint8_t *pack, int size) int n, service_match = 0; struct delayed_pado_t *pado; struct timespec ts; + int len; __sync_add_and_fetch(&stat_PADI_recv, 1); @@ -791,18 +792,14 @@ static void pppoe_recv_PADI(struct pppoe_serv_t *serv, uint8_t *pack, int size) return; } - if (hdr->sid) { - log_warn("pppoe: discarding PADI packet (sid is not zero)\n"); + if (hdr->sid) return; - } - if (conf_verbose) { - log_info2("recv "); - print_packet(pack); - } - - for (n = 0; n < ntohs(hdr->length); n += sizeof(*tag) + ntohs(tag->tag_len)) { + len = ntohs(hdr->length); + for (n = 0; n < len; n += sizeof(*tag) + ntohs(tag->tag_len)) { tag = (struct pppoe_tag *)(pack + ETH_HLEN + sizeof(*hdr) + n); + if (n + sizeof(*tag) + ntohs(tag->tag_len) > len) + return; switch (ntohs(tag->tag_type)) { case TAG_END_OF_LIST: break; @@ -827,6 +824,11 @@ static void pppoe_recv_PADI(struct pppoe_serv_t *serv, uint8_t *pack, int size) } } + if (conf_verbose) { + log_info2("recv "); + print_packet(pack); + } + if (!service_match) { if (conf_verbose) log_warn("pppoe: discarding PADI packet (Service-Name mismatch)\n"); |