Security: Rhys Kidd identified a vulnerability in the handling of heartbeat packets.  Drop oversize heartbeat packets.
Brendan O'Dea 2006-12-04 20:50:02 +00:00
parent 4a2a55c66e
commit dbaf3410c4
4 changed files with 11 additions and 4 deletions


@ -1,6 +1,6 @@
// L2TPNS Clustering Stuff
char const *cvs_id_cluster = "$Id: cluster.c,v 1.53 2006-07-17 07:53:08 bodea Exp $";
char const *cvs_id_cluster = "$Id: cluster.c,v 1.54 2006-12-04 20:50:02 bodea Exp $";
#include <stdio.h>
#include <stdlib.h>
@ -1453,7 +1453,11 @@ static int cluster_process_heartbeat(uint8_t *data, int size, int more, uint8_t
return -1; // Ignore it??
}
// Ok. It's a heartbeat packet from a cluster master!
if (size > sizeof(past_hearts[0].data)) {
LOG(0, 0, 0, "Received an oversize heartbeat from %s (%d)!\n", fmtaddr(addr, 0), size);
return -1;
}
if (s < sizeof(*h))
goto shortpacket;