ppp: fix segfault in pppcp_send_code_reject()
authorKristen Carlson Accardi <kristen@linux.intel.com>
Sat, 27 Mar 2010 01:34:26 +0000 (18:34 -0700)
committerMarcel Holtmann <marcel@holtmann.org>
Sat, 27 Mar 2010 02:19:46 +0000 (19:19 -0700)
fix memory corruption caused by misplaced paren when memcpying
rejected packet data into Code-Reject packet.

gatchat/ppp_cp.c

index 137f6b9..39e872b 100644 (file)
@@ -454,9 +454,12 @@ static void pppcp_send_code_reject(struct pppcp_data *data,
                                        guint8 *rejected_packet)
 {
        struct pppcp_packet *packet;
+       struct pppcp_packet *old_packet =
+                               (struct pppcp_packet *) rejected_packet;
 
-       packet = pppcp_packet_new(data, CODE_REJECT,
-                       ntohs(((struct pppcp_packet *) rejected_packet)->length));
+       pppcp_trace(data);
+
+       packet = pppcp_packet_new(data, CODE_REJECT, ntohs(old_packet->length));
 
        /*
         * Identifier must be changed for each Code-Reject sent
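Review bot: `old_packet->length` is taken straight from the rejected packet, so the size passed to `pppcp_packet_new()` is chosen by the peer, and nothing in this hunk compares it with the number of bytes actually received. The function signature carries no received-length argument, so unless the caller has already rejected frames whose length field exceeds the received size, the `memcpy()` in the next hunk can read past the end of the receive buffer. I would either document that precondition above the function, e.g. `/* caller must ensure ntohs(length) <= bytes received */`, or pass the received length in and clamp to it. The function body continues outside this hunk, so a check further down cannot be ruled out from here.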
@@ -468,7 +471,7 @@ static void pppcp_send_code_reject(struct pppcp_data *data,
         * truncated if it needs to be to comply with mtu requirement
         */
        memcpy(packet->data, rejected_packet,
-                       ntohs(packet->length - CP_HEADER_SZ));
+                       ntohs(packet->length) - CP_HEADER_SZ);
 
        ppp_transmit(data->ppp, pppcp_to_ppp_packet(packet),
                        ntohs(packet->length));
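Review bot: The comment above this `memcpy()` says the rejected packet is truncated to comply with the MTU, but the copy length `ntohs(packet->length) - CP_HEADER_SZ` and the `ppp_transmit()` length both come only from the length requested in the earlier hunk, and no clamp is visible. If the truncation does not happen inside `pppcp_packet_new()`, a peer can make the Code-Reject as large as its own length field allows. Separately, `packet` is dereferenced here and the lines between the two hunks are not shown; if `pppcp_packet_new()` can return NULL on allocation failure, a guard such as `if (packet == NULL) return;` belongs before this point. Computing the payload length once into a local and reusing it for the copy would also make the parenthesisation this commit fixes harder to get wrong again.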