Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
plugins/rp-pppoe: Make tag parsing loop condition more accurate
The loop in parsePacket() that parses the tags in a received PPPoE packet uses a loop condition that checks if there is at least one more byte to be read; however, the tag header is 4 bytes. Thus it could read 3 bytes past the end of the received data. However, there is no possibility of reading past the end of the packet->payload array, since we previously checked that len <= ETH_JUMBO_LEN (which is sizeof(packet->payload)) - 6. Also, the tag length check will always fail (except for a tag type of TAG_END_OF_LIST, which terminates processing). This fixes the loop condition to require at least 4 bytes remaining, so that we know that the tag header is within the received data. Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
- Loading branch information