mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-28 13:22:57 +00:00
[PATCH] CAN-2005-0384: Remote Linux DoS on ppp servers
Martin Schulze writes: > Ben Martel and Stephen Blackheath have discovered a denial-of-service attack > that a client of pppd can make that can hang the server machine. The bug is > in the Linux kernel 2.6 (tested on 2.6.9), but it looks like it also exists > in the 2.4 series. Yes, this is my bug. :( I would just do this instead: Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
parent
502f3a97bd
commit
7a5be74f06
1 changed files with 1 additions and 1 deletions
|
@ -1000,7 +1000,7 @@ static void async_lcp_peek(struct asyncppp *ap, unsigned char *data,
|
|||
data += 4;
|
||||
dlen -= 4;
|
||||
/* data[0] is code, data[1] is length */
|
||||
while (dlen >= 2 && dlen >= data[1]) {
|
||||
while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) {
|
||||
switch (data[0]) {
|
||||
case LCP_MRU:
|
||||
val = (data[2] << 8) + data[3];
|
||||
|
|
Loading…
Reference in a new issue