From owner-freebsd-bugs Mon Aug 10 13:50:05 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA29967 for freebsd-bugs-outgoing; Mon, 10 Aug 1998 13:50:05 -0700 (PDT) (envelope-from owner-freebsd-bugs@FreeBSD.ORG) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA29961 for ; Mon, 10 Aug 1998 13:50:03 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id NAA16790; Mon, 10 Aug 1998 13:50:01 -0700 (PDT) Date: Mon, 10 Aug 1998 13:50:01 -0700 (PDT) Message-Id: <199808102050.NAA16790@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.ORG From: Brian Somers Subject: Re: kern/7556: potential sl_compress_init problem in slcompress.c and if_ppp.c Reply-To: Brian Somers Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR kern/7556; it has been noted by GNATS. From: Brian Somers To: hm@kts.org Cc: FreeBSD-gnats-submit@FreeBSD.ORG Subject: Re: kern/7556: potential sl_compress_init problem in slcompress.c and if_ppp.c Date: Mon, 10 Aug 1998 21:29:13 +0100 > > >Number: 7556 > >Category: kern > >Synopsis: sl_compress_init() will fail if called anything else than -1 or >MAX_STATE [.....] If anyone picks this up (I haven't the time to be involved with pppd), there's an additional problem when a number of states is negotiated that != MAX_STATES. Namely, it's possible that the peer may agree on (say) 8 states, then proceed to send a header with a slot id of (say) 10. The end result is that a zero'd slot entry is ``adjusted'' by the VJ deltas and will most likely cause a stack scribble. We all know what happens to this in kernel mode :-/ This has been fixed in src/usr.sbin/ppp/slcompress.c - but I don't know how compatible the sources are. -- Brian , , Don't _EVER_ lose your sense of humour.... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message