welterde/l2tpns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix possible buffer overflow when dealing with auth challenge/response

Browse source
This commit is contained in:
Tassilo Schweyer 2025-05-04 13:42:47 +02:00
parent 3015533293
commit 60be20cf32
1 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
l2tpns.c
View file

@ -5074,8 +5074,12 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr, uint16_t indexu
LOG(3, s, t, "Reusing LCP negotiation\n"); LOG(3, s, t, "Reusing LCP negotiation\n");
// Start with proxy auth id to avoid client caching challenge responses // Start with proxy auth id to avoid client caching challenge responses
sess_local[s].auth_id = authid; sess_local[s].auth_id = authid;
if (authchalln <= 16) {
memcpy(sess_local[s].auth_chall, authchall, authchalln); memcpy(sess_local[s].auth_chall, authchall, authchalln);
}
if (authrespn <= 64) {
memcpy(sess_local[s].auth_resp, authresp, authrespn); memcpy(sess_local[s].auth_resp, authresp, authrespn);
}
if (atype != 0) { if (atype != 0) {
sess_local[s].auth_type = atype; sess_local[s].auth_type = atype;
} }