From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 214385] L2TP control packets malformed [PATCH]
Date: Thu, 10 Nov 2016 11:44:45 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214385

Bug ID: 214385
Summary: L2TP control packets malformed [PATCH]
Product: Base System
Version: 10.3-RELEASE
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: joeknockando@googlemail.com

Created attachment 176852
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=176852&action=edit
proposed fix

We noticed L2TP control packets having incorrect sequence numbers causing problems talking to Cisco routers. We traced this back to /usr/src/sys/netgraph/ng_l2tp.c

The code is writing to what it thinks is 12 bytes of continuous memory; however, this can't be guaranteed as the mbuf may have been prepended to. A call to m_pullup is needed, see patch attached.

We believe this may have manifested itself as we are sending bigger packets than the MPD software would normally send due to the addition of proxy auth AVPs, which are not in the stock distribution.

This patch was against 10.3 but will work for 11.0 and probably head as well.
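The failure mode the report describes, as an added example that is neither the attached patch nor FreeBSD kernel code: a user-space C model in which `struct seg`, `make_chain`, `pullup` and `set_seq` are hypothetical stand-ins for an mbuf chain and the `m_pullup` contract. It assumes the RFC 2661 control header layout (Ns at offset 8, Nr at offset 10 of the 12 bytes), and the two-segment packet is constructed sample input.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 12   /* L2TP control header: flags, length, tunnel, session, Ns, Nr */

/* User-space stand-in for one mbuf of a chain (constructed model, not kernel code). */
struct seg { struct seg *next; size_t len; uint8_t data[64]; };

/* Build a constructed two-segment packet: `first` bytes, then `rest` bytes. */
static struct seg *make_chain(size_t first, size_t rest)
{
    struct seg *a = calloc(1, sizeof(*a)), *b = calloc(1, sizeof(*b));
    if (a == NULL || b == NULL) { free(a); free(b); return NULL; }
    a->len = first; a->next = b; b->len = rest;
    return a;
}

/* Model of the m_pullup() contract: on success the first `len` bytes sit in the
 * first segment; on failure the whole chain is freed and NULL is returned. */
static struct seg *pullup(struct seg *m, size_t len)
{
    while (m->len < len && m->next != NULL) {
        struct seg *n = m->next;
        size_t take = len - m->len < n->len ? len - m->len : n->len;
        memcpy(m->data + m->len, n->data, take);
        memmove(n->data, n->data + take, n->len - take);
        m->len += take; n->len -= take;
        if (n->len == 0) { m->next = n->next; free(n); }
    }
    if (m->len >= len) return m;
    while (m != NULL) { struct seg *n = m->next; free(m); m = n; }
    return NULL;
}

/* Store Ns/Nr (header offsets 8 and 10) only once the header is contiguous. */
static int set_seq(struct seg **mp, uint16_t ns, uint16_t nr)
{
    if ((*mp = pullup(*mp, HDR_LEN)) == NULL) return -1;   /* chain was dropped */
    uint8_t *h = (*mp)->data;
    h[8] = ns >> 8; h[9] = ns & 0xff; h[10] = nr >> 8; h[11] = nr & 0xff;
    return 0;
}

int main(void)
{
    struct seg *m = make_chain(2, 30);   /* header split 2 + 10 across segments */
    return (m != NULL && set_seq(&m, 1, 0) == 0 && m->len >= HDR_LEN) ? 0 : 1;
}
```

Without the `pullup` step, the stores to `h[8]`..`h[11]` would land past the 2 valid bytes of the first segment instead of in the packet's real header bytes, which matches the malformed sequence numbers in the report.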