From: yasuoka <yasuoka@openbsd.org>
Date: Tue, 23 Jun 2015 07:07:33 +0000 (+0000)
Subject: Fix npppd to check the size of received GRE packets properly.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=38377f60aebb2caf61cc682329d54ff2776fa2c5;p=openbsd

Fix npppd to check the size of received GRE packets properly.
---

diff --git a/usr.sbin/npppd/pptp/pptpd.c b/usr.sbin/npppd/pptp/pptpd.c
index 61b92a7bc89..c9a692657bb 100644
--- a/usr.sbin/npppd/pptp/pptpd.c
+++ b/usr.sbin/npppd/pptp/pptpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pptpd.c,v 1.26 2015/06/23 06:59:54 yasuoka Exp $	*/
+/*	$OpenBSD: pptpd.c,v 1.27 2015/06/23 07:07:33 yasuoka Exp $	*/
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -25,12 +25,12 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
-/* $Id: pptpd.c,v 1.26 2015/06/23 06:59:54 yasuoka Exp $ */
+/* $Id: pptpd.c,v 1.27 2015/06/23 07:07:33 yasuoka Exp $ */
 
 /**@file
  * This file provides a implementation of PPTP daemon.  Currently it
  * provides functions for PAC (PPTP Access Concentrator) only.
- * $Id: pptpd.c,v 1.26 2015/06/23 06:59:54 yasuoka Exp $
+ * $Id: pptpd.c,v 1.27 2015/06/23 07:07:33 yasuoka Exp $
  */
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -741,7 +741,7 @@ pptpd_gre_input(pptpd_listener *listener, struct sockaddr *peer, u_char *pkt,
 	hlen = iphdr->ip_hl * 4;
 
 	if (iphdr->ip_len > lpkt ||
-	    iphdr->ip_len < sizeof(struct pptp_gre_header)) {
+	    iphdr->ip_len < hlen + sizeof(struct pptp_gre_header)) {
 		pptpd_log(_this, LOG_ERR,
 		    "Received a broken packet: ip_hl=%d iplen=%d lpkt=%d", hlen,
 			iphdr->ip_len, lpkt);