[backfire] merge r25044
[openwrt-10.03/.git] / package / ppp / patches / 350-survive_bad_pads_packets.patch
1 --- a/pppd/plugins/rp-pppoe/common.c
2 +++ b/pppd/plugins/rp-pppoe/common.c
3 @@ -75,7 +75,9 @@ parsePacket(PPPoEPacket *packet, ParseFu
4             error("Invalid PPPoE tag length (%u)", tagLen);
5             return -1;
6         }
7 -       func(tagType, tagLen, curTag+TAG_HDR_SIZE, extra);
8 +       if (func(tagType, tagLen, curTag+TAG_HDR_SIZE, extra)) {
9 +               return -1;
10 +       }
11         curTag = curTag + TAG_HDR_SIZE + tagLen;
12      }
13      return 0;
14 --- a/pppd/plugins/rp-pppoe/discovery.c
15 +++ b/pppd/plugins/rp-pppoe/discovery.c
16 @@ -48,7 +48,7 @@ static char const RCSID[] =
17  *%DESCRIPTION:
18  * If a HostUnique tag is found which matches our PID, sets *extra to 1.
19  ***********************************************************************/
20 -void
21 +int
22  parseForHostUniq(UINT16_t type, UINT16_t len, unsigned char *data,
23                  void *extra)
24  {
25 @@ -60,6 +60,7 @@ parseForHostUniq(UINT16_t type, UINT16_t
26             *val = 1;
27         }
28      }
29 +    return 0;
30  }
31  
32  /**********************************************************************
33 @@ -102,7 +103,7 @@ packetIsForMe(PPPoEConnection *conn, PPP
34  *%DESCRIPTION:
35  * Picks interesting tags out of a PADO packet
36  ***********************************************************************/
37 -void
38 +int
39  parsePADOTags(UINT16_t type, UINT16_t len, unsigned char *data,
40               void *extra)
41  {
42 @@ -181,6 +182,7 @@ parsePADOTags(UINT16_t type, UINT16_t le
43         }
44         break;
45      }
46 +    return 0;
47  }
48  
49  /**********************************************************************
50 @@ -195,7 +197,7 @@ parsePADOTags(UINT16_t type, UINT16_t le
51  *%DESCRIPTION:
52  * Picks interesting tags out of a PADS packet
53  ***********************************************************************/
54 -void
55 +int
56  parsePADSTags(UINT16_t type, UINT16_t len, unsigned char *data,
57               void *extra)
58  {
59 @@ -205,17 +207,21 @@ parsePADSTags(UINT16_t type, UINT16_t le
60         dbglog("PADS: Service-Name: '%.*s'", (int) len, data);
61         break;
62      case TAG_SERVICE_NAME_ERROR:
63 -       fatal("PADS: Service-Name-Error: %.*s", (int) len, data);
64 +       error("PADS: Service-Name-Error: %.*s", (int) len, data);
65 +       return -1;
66      case TAG_AC_SYSTEM_ERROR:
67 -       fatal("PADS: System-Error: %.*s", (int) len, data);
68 +       error("PADS: System-Error: %.*s", (int) len, data);
69 +       return -1;
70      case TAG_GENERIC_ERROR:
71 -       fatal("PADS: Generic-Error: %.*s", (int) len, data);
72 +       error("PADS: Generic-Error: %.*s", (int) len, data);
73 +       return -1;
74      case TAG_RELAY_SESSION_ID:
75         conn->relayId.type = htons(type);
76         conn->relayId.length = htons(len);
77         memcpy(conn->relayId.payload, data, len);
78         break;
79      }
80 +    return 0;
81  }
82  
83  /***********************************************************************
84 @@ -532,9 +538,11 @@ waitForPADS(PPPoEConnection *conn, int t
85         /* Is it PADS?  */
86         if (packet.code == CODE_PADS) {
87             /* Parse for goodies */
88 -           parsePacket(&packet, parsePADSTags, conn);
89 -           conn->discoveryState = STATE_SESSION;
90 -           break;
91 +           if (!parsePacket(&packet, parsePADSTags, conn))
92 +           {
93 +               conn->discoveryState = STATE_SESSION;
94 +               break;
95 +           }
96         }
97      } while (conn->discoveryState != STATE_SESSION);
98  
99 --- a/pppd/plugins/rp-pppoe/pppoe.h
100 +++ b/pppd/plugins/rp-pppoe/pppoe.h
101 @@ -238,7 +238,7 @@ typedef struct PPPoETagStruct {
102  #define READ_CHUNK 4096
103  
104  /* Function passed to parsePacket */
105 -typedef void ParseFunc(UINT16_t type,
106 +typedef int ParseFunc(UINT16_t type,
107                        UINT16_t len,
108                        unsigned char *data,
109                        void *extra);