From 2833f3c88c9d1db61a36562b82e8c73d9f59e615 Mon Sep 17 00:00:00 2001
From: Guillaume Nault
Date: Fri, 28 Mar 2014 21:07:57 +0100
Subject: l2tp: add missing state verification on message reception
Verify tunnel or session states before handling HELLO, StopCCN and CDN messages.
Signed-off-by: Guillaume Nault
---
 accel-pppd/ctrl/l2tp/l2tp.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
index a63b0a0..10e7290 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.c
+++ b/accel-pppd/ctrl/l2tp/l2tp.c
@@ -2666,6 +2666,12 @@ static int l2tp_recv_StopCCN(struct l2tp_conn_t *conn,
 uint16_t res = 0;
 uint16_t err = 0;
+ if (conn->state == STATE_CLOSE) {
+ log_tunnel(log_warn, conn, "discarding unexpected StopCCN\n");
+
+ return 0;
+ }
+
 log_tunnel(log_info2, conn, "handling StopCCN\n");
 list_for_each_entry(attr, &pack->attrs, entry) {
@@ -2732,6 +2738,12 @@ static int l2tp_recv_StopCCN(struct l2tp_conn_t *conn,
 static int l2tp_recv_HELLO(struct l2tp_conn_t *conn,
 const struct l2tp_packet_t *pack)
 {
+ if (conn->state != STATE_ESTB) {
+ log_tunnel(log_warn, conn, "discarding unexpected HELLO\n");
+
+ return 0;
+ }
+
 log_tunnel(log_debug, conn, "handling HELLO\n");
 if (l2tp_send_ZLB(conn) < 0) {
@@ -3334,6 +3346,12 @@ static int l2tp_recv_CDN(struct l2tp_sess_t *sess,
 uint16_t res = 0;
 uint16_t err = 0;
+ if (sess->state1 == STATE_CLOSE) {
+ log_session(log_warn, sess, "discarding unexpected CDN\n");
+
+ return 0;
+ }
+
 log_session(log_info2, sess, "handling CDN\n");
 list_for_each_entry(attr, &pack->attrs, entry) {
--
cgit v1.2.3
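Review bot: The guard added to l2tp_recv_StopCCN excludes a single state (`conn->state == STATE_CLOSE`), whereas the l2tp_recv_HELLO guard admits a single state (`!= STATE_ESTB`); l2tp_recv_CDN uses the same exclude-one form on `sess->state1`. If accepting StopCCN and CDN in every other state is intended, a short comment above each check would record that, for example `/* teardown messages are accepted in any state except STATE_CLOSE */`, so a state added later is not let through by accident. All three discard paths also log at `log_warn` for a packet whose arrival the peer controls. Unless log_tunnel/log_session are rate-limited somewhere not visible here, a misbehaving peer can flood the log, which a lower level or a per-tunnel counter would bound. The bodies of l2tp_recv_StopCCN and l2tp_recv_CDN start and end outside their hunks.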
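Review bot: The discard path added to l2tp_recv_HELLO returns before the existing `l2tp_send_ZLB(conn)` call, so a HELLO received outside `STATE_ESTB` gets no acknowledgement from this function. If the caller has already accepted the message's sequence number (the caller is not visible in this hunk), the peer would presumably retransmit the HELLO until its retry limit, producing one `log_warn` line per copy. It is worth confirming whether the ack is sent elsewhere for discarded messages, and stating the choice in a comment such as `/* no ZLB here: tunnel is not established, peer is left to time out */`. The function body continues past the end of the hunk.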