Commit 4b2a8fb3 authored by Konstantin Sharlaimov's avatar Konstantin Sharlaimov Committed by David S. Miller

[PPP]: Fix osize too small errors when decoding mppe.

The mppe_decompress() function required a buffer that is 1 byte too
small when receiving a message of mru size. This fixes buffer
allocation to prevent this from occurring.
Signed-off-by: default avatarKonstantin Sharlaimov <konstantin.sharlaimov@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7e4a6da7
...@@ -1708,7 +1708,18 @@ ppp_decompress_frame(struct ppp *ppp, struct sk_buff *skb) ...@@ -1708,7 +1708,18 @@ ppp_decompress_frame(struct ppp *ppp, struct sk_buff *skb)
goto err; goto err;
if (proto == PPP_COMP) { if (proto == PPP_COMP) {
ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN); int obuff_size;
switch(ppp->rcomp->compress_proto) {
case CI_MPPE:
obuff_size = ppp->mru + PPP_HDRLEN + 1;
break;
default:
obuff_size = ppp->mru + PPP_HDRLEN;
break;
}
ns = dev_alloc_skb(obuff_size);
if (ns == 0) { if (ns == 0) {
printk(KERN_ERR "ppp_decompress_frame: no memory\n"); printk(KERN_ERR "ppp_decompress_frame: no memory\n");
goto err; goto err;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment