Date: Mon, 10 Aug 1998 13:50:01 -0700 (PDT)
From: Brian Somers <brian@Awfulhak.org>
To: freebsd-bugs@FreeBSD.ORG
Subject: Re: kern/7556: potential sl_compress_init problem in slcompress.c and if_ppp.c
Message-ID: <199808102050.NAA16790@freefall.freebsd.org>
The following reply was made to PR kern/7556; it has been noted by GNATS.

From: Brian Somers <brian@Awfulhak.org>
To: hm@kts.org
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: kern/7556: potential sl_compress_init problem in slcompress.c and if_ppp.c
Date: Mon, 10 Aug 1998 21:29:13 +0100

>
> >Number: 7556
> >Category: kern
> >Synopsis: sl_compress_init() will fail if called anything else than -1 or
>MAX_STATE
[.....]

If anyone picks this up (I haven't the time to be involved with pppd),
there's an additional problem when a number of states is negotiated
that != MAX_STATES.

Namely, it's possible that the peer may agree on (say) 8 states, then
proceed to send a header with a slot id of (say) 10. The end result is
that a zero'd slot entry is ``adjusted'' by the VJ deltas and will most
likely cause a stack scribble. We all know what happens to this in
kernel mode :-/

This has been fixed in src/usr.sbin/ppp/slcompress.c - but I don't know
how compatible the sources are.

--
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
      <http://www.Awfulhak.org>
Don't _EVER_ lose your sense of humour....

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
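The receive-side check the message above calls for, as an added example that is not part of the original e-mail and not code from the FreeBSD or ppp sources: a compressed packet's slot id is validated against the negotiated slot count, not only the table size, and a slot that was never filled is refused before any deltas are applied. The struct and function names, the reduced slot layout and the `MAX_STATES` value of 16 are assumptions made for illustration; the unfilled-slot check goes slightly beyond the case described in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_STATES 16   /* compile-time table size (value assumed for this example) */
#define NEW_C      0x40 /* VJ change-mask bit: an explicit connection id follows */

struct vj_slot {        /* hypothetical, reduced per-connection state */
    uint8_t hdr_len;    /* 0 until an uncompressed packet has filled the slot */
    uint8_t hdr[128];   /* saved TCP/IP header the deltas are applied to */
};

struct vj_rx {          /* hypothetical receive-side decompressor state */
    struct vj_slot slots[MAX_STATES];
    uint8_t negotiated; /* slot count agreed with the peer */
    uint8_t last;       /* slot used by the previous packet */
    int     toss;       /* drop implicit-id packets until resynchronised */
};

/* Set up for the negotiated slot count; refuse counts the table cannot hold. */
int vj_rx_init(struct vj_rx *rx, int nslots)
{
    if (nslots < 1 || nslots > MAX_STATES)
        return -1;
    memset(rx, 0, sizeof(*rx));
    rx->negotiated = (uint8_t)nslots;
    rx->toss = 1;       /* no valid "last" slot yet */
    return 0;
}

/* Choose the slot a compressed packet refers to, or NULL if it must be dropped. */
struct vj_slot *vj_rx_select(struct vj_rx *rx, const uint8_t *pkt, size_t len)
{
    if (len < 1)
        goto bad;
    if (pkt[0] & NEW_C) {
        /* Bound by what was negotiated, not by MAX_STATES. */
        if (len < 2 || pkt[1] >= rx->negotiated)
            goto bad;
        rx->last = pkt[1];
        rx->toss = 0;
    } else if (rx->toss) {
        goto bad;       /* implicit id after an error: still out of sync */
    }
    if (rx->slots[rx->last].hdr_len == 0)
        goto bad;       /* zeroed slot: there is no header to adjust */
    return &rx->slots[rx->last];
bad:
    rx->toss = 1;
    return NULL;
}
```
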