Date: Thu, 10 Nov 2016 11:44:45 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 214385] L2TP control packets malformed [PATCH] Message-ID: <bug-214385-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214385 Bug ID: 214385 Summary: L2TP control packets malformed [PATCH] Product: Base System Version: 10.3-RELEASE Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: joeknockando@googlemail.com Keywords: patch Created attachment 176852 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=176852&action=edit proposed fix We noticed L2TP control packets having incorrect sequence numbers causing problems talking to Cisco routers. We traced this back to /usr/src/sys/netgraph/ng_l2tp.c The code is writing to what it thinks 12 bytes of continuous memory, however this can't be guaranteed as the mbuf may have been prepended to. A call to m_pullup is needed, see patch attached. We believe this may have manifested its self as we are sending bigger packets than the MPD software would normally send due to the addition of proxy auth AVPs, which are not in the stock distribution. This patch was against 10.3 but will work for 11.0 and probably head as well. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-214385-8>