Date: Thu, 10 Nov 2016 11:44:45 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 214385] L2TP control packets malformed [PATCH] Message-ID: <bug-214385-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D214385 Bug ID: 214385 Summary: L2TP control packets malformed [PATCH] Product: Base System Version: 10.3-RELEASE Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: joeknockando@googlemail.com Keywords: patch Created attachment 176852 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D176852&action= =3Dedit proposed fix We noticed L2TP control packets having incorrect sequence numbers causing problems talking to Cisco routers. We traced this back to /usr/src/sys/netgraph/ng_l2tp.c The code is writing to what it thinks 12 by= tes of continuous memory, however this can't be guaranteed as the mbuf may have been prepended to. A call to m_pullup is needed, see patch attached. We believe this may have manifested its self as we are sending bigger packe= ts than the MPD software would normally send due to the addition of proxy auth AVPs, which are not in the stock distribution. This patch was against 10.3 but will work for 11.0 and probably head as wel= l. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-214385-8>