forked from Minki/linux
[PPP]: Fix skbuff.c:BUG due incorrect logic in process_input_packet()
From: Paul Mackerras <paulus@samba.org> This fixes: Subject: kernel BUG at net/core/skbuff.c in linux-2.6.21-rc6 process_input_packet() treats the case where the first byte is 0xff (PPP_ALLSTATIONS) but the second byte is 0x03 (PPP_UI) as indicating a packet with a PPP protocol number of 0xff. Arguably that's wrong since PPP protocol 0xff is reserved, and the RFC does envision the possibility of receiving frames where the control field has values other than 0x03. Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
895e1fc722
commit
7c5050e3e4
@ -802,9 +802,9 @@ process_input_packet(struct asyncppp *ap)
|
||||
|
||||
/* check for address/control and protocol compression */
|
||||
p = skb->data;
|
||||
if (p[0] == PPP_ALLSTATIONS && p[1] == PPP_UI) {
|
||||
if (p[0] == PPP_ALLSTATIONS) {
|
||||
/* chop off address/control */
|
||||
if (skb->len < 3)
|
||||
if (p[1] != PPP_UI || skb->len < 3)
|
||||
goto err;
|
||||
p = skb_pull(skb, 2);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user