Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
pppdump: Avoid out-of-range access to packet buffer
This fixes a potential vulnerability where data is written to spkt.buf and rpkt.buf without a check on the array index. To fix this, we check the array index (pkt->cnt) before storing the byte or incrementing the count. This also means we no longer have a potential signed integer overflow on the increment of pkt->cnt. Fortunately, pppdump is not used in the normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario that I am aware of. Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
- Loading branch information