Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

l2tp: Fix PPP header erasure and memory leak

Browse source 
Copy user data after PPP framing header. This prevents erasure of the
added PPP header and avoids leaking two bytes of uninitialised memory
at the end of skb's data buffer.

Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Guillaume Nault 2013-06-12 16:07:23 +02:00 committed by David S. Miller
parent 4f5474e7fd
commit 55b92b7a11
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
net/l2tp/l2tp_ppp.c
View file

@ -346,12 +346,12 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh
skb_put(skb, 2); skb_put(skb, 2);
/* Copy user data into skb */ /* Copy user data into skb */
error = memcpy_fromiovec(skb->data, m->msg_iov, total_len); error = memcpy_fromiovec(skb_put(skb, total_len), m->msg_iov,
total_len);
if (error < 0) { if (error < 0) {
kfree_skb(skb); kfree_skb(skb);
goto error_put_sess_tun; goto error_put_sess_tun;
} }
skb_put(skb, total_len);
l2tp_xmit_skb(session, skb, session->hdr_len); l2tp_xmit_skb(session, skb, session->hdr_len);