switch (protocol) {
case PPP_IP_PROTO:
- ppp_net_process_packet(ppp->net, packet);
+ ppp_net_process_packet(ppp->net, packet, len - offset);
break;
case LCP_PROTOCOL:
- pppcp_process_packet(ppp->lcp, packet);
+ pppcp_process_packet(ppp->lcp, packet, len - offset);
break;
case IPCP_PROTO:
- pppcp_process_packet(ppp->ipcp, packet);
+ pppcp_process_packet(ppp->ipcp, packet, len - offset);
break;
case CHAP_PROTOCOL:
if (ppp->chap) {
- ppp_chap_process_packet(ppp->chap, packet);
+ ppp_chap_process_packet(ppp->chap, packet,
+ len - offset);
break;
}
/* fall through */
/* CHAP related functions */
struct ppp_chap *ppp_chap_new(GAtPPP *ppp, guint8 method);
void ppp_chap_free(struct ppp_chap *chap);
-void ppp_chap_process_packet(struct ppp_chap *chap, const guint8 *new_packet);
+void ppp_chap_process_packet(struct ppp_chap *chap, const guint8 *new_packet,
+ gsize len);
/* TUN / Network related functions */
struct ppp_net *ppp_net_new(GAtPPP *ppp, int fd);
const char *ppp_net_get_interface(struct ppp_net *net);
-void ppp_net_process_packet(struct ppp_net *net, const guint8 *packet);
+void ppp_net_process_packet(struct ppp_net *net, const guint8 *packet,
+ gsize len);
void ppp_net_free(struct ppp_net *net);
gboolean ppp_net_set_mtu(struct ppp_net *net, guint16 mtu);
void ppp_net_suspend_interface(struct ppp_net *net);
/*
* parse the packet
*/
-void ppp_chap_process_packet(struct ppp_chap *chap, const guint8 *new_packet)
+void ppp_chap_process_packet(struct ppp_chap *chap, const guint8 *new_packet,
+ gsize len)
{
- guint8 code = new_packet[0];
+ guint8 code;
+
+ if (len < sizeof(struct chap_header))
+ return;
+
+ code = new_packet[0];
switch (code) {
case CHALLENGE:
/*
* parse the packet and determine which event this packet caused
*/
-void pppcp_process_packet(gpointer priv, const guint8 *new_packet)
+void pppcp_process_packet(gpointer priv, const guint8 *new_packet, gsize len)
{
struct pppcp_data *data = priv;
const struct pppcp_packet *packet =
guint8 event_type;
guint data_len = 0;
- if (data == NULL)
+ if (len < sizeof(struct pppcp_packet))
return;
/* check flags to see if we support this code */
const guint8 *options,
guint16 len);
-void pppcp_process_packet(gpointer priv, const guint8 *new_packet);
+void pppcp_process_packet(gpointer priv, const guint8 *new_packet, gsize len);
void pppcp_send_protocol_reject(struct pppcp_data *data,
const guint8 *rejected_packet, gsize len);
void pppcp_signal_open(struct pppcp_data *data);
return TRUE;
}
-void ppp_net_process_packet(struct ppp_net *net, const guint8 *packet)
+void ppp_net_process_packet(struct ppp_net *net, const guint8 *packet,
+ gsize plen)
{
GIOStatus status;
gsize bytes_written;
guint16 len;
+ if (plen < 4)
+ return;
+
/* find the length of the packet to transmit */
len = get_host_short(&packet[2]);
status = g_io_channel_write_chars(net->channel, (gchar *) packet,
- len, &bytes_written, NULL);
+ MIN(len, plen),
+ &bytes_written, NULL);
+
if (status != G_IO_STATUS_NORMAL)
return;
}