From: Konstantin Sharlaimov Date: Sun, 24 Jun 2007 06:05:54 +0000 (-0700) Subject: [PPP]: Fix osize too small errors when decoding mppe. X-Git-Tag: v2.6.22-rc6~2^2~3 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b2a8fb3a7f7935f62a7bbdc851789fb7c2da032;p=linux-2.6 [PPP]: Fix osize too small errors when decoding mppe. The mppe_decompress() function required a buffer that is 1 byte too small when receiving a message of mru size. This fixes buffer allocation to prevent this from occurring. Signed-off-by: Konstantin Sharlaimov Signed-off-by: David S. Miller --- diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c index 541168713f..3ef0092dc0 100644 --- a/drivers/net/ppp_generic.c +++ b/drivers/net/ppp_generic.c @@ -1708,7 +1708,18 @@ ppp_decompress_frame(struct ppp *ppp, struct sk_buff *skb) goto err; if (proto == PPP_COMP) { - ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN); + int obuff_size; + + switch(ppp->rcomp->compress_proto) { + case CI_MPPE: + obuff_size = ppp->mru + PPP_HDRLEN + 1; + break; + default: + obuff_size = ppp->mru + PPP_HDRLEN; + break; + } + + ns = dev_alloc_skb(obuff_size); if (ns == 0) { printk(KERN_ERR "ppp_decompress_frame: no memory\n"); goto err;