From owner-cvs-sys Wed Apr 10 23:52:02 1996
Return-Path: owner-cvs-sys
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id XAA15714 for cvs-sys-outgoing; Wed, 10 Apr 1996 23:52:02 -0700 (PDT)
Received: (from davidg@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id XAA15651 Wed, 10 Apr 1996 23:51:56 -0700 (PDT)
Date: Wed, 10 Apr 1996 23:51:56 -0700 (PDT)
From: David Greenman
Message-Id: <199604110651.XAA15651@freefall.freebsd.org>
To: CVS-committers, cvs-all, cvs-sys
Subject: cvs commit: src/sys/net pppcompress.c slcompress.c
Sender: owner-cvs-sys@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

davidg      96/04/10 23:51:55

  Branch:      sys/net  RELENG_2_1_0
  Modified:    sys/net  pppcompress.c slcompress.c
  Log:
  Bugfix based on rev 1.7 of slcompress.c in -current:
  When cslip gets an uncompressed packet, it attempts to save off the TCP/IP
  header for use in decompressing subsequent packets. If cslip gets garbage
  (such as what happens when there is a port speed mismatch or modem line
  noise), it will occasionally mistake the packet as a valid uncompressed
  packet. When it tries to save off the header, it doesn't bother to check
  for the validity of the header length and will happily clobber not only
  the cslip data structure, but parts of other kernel memory that happens
  to follow it...causing, ahem, undesired behavior.

  Revision  Changes    Path
  1.4.4.1   +11 -4     src/sys/net/Attic/pppcompress.c
  1.5.4.1   +11 -4     src/sys/net/slcompress.c
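
The class of check the log message describes, as an added example that is not part of the original commit mail and is not the FreeBSD code: the header length taken from the packet is validated against both the received length and the save buffer before anything is copied. The struct layout, the function names, the canary field and the MAX_HDR value of 128 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_HDR 128            /* assumed size of the saved-header buffer */

struct cstate {                /* hypothetical per-connection state */
    uint16_t hlen;             /* bytes of header saved in hdr[] */
    uint8_t  hdr[MAX_HDR];     /* saved IP+TCP header */
    uint32_t canary;           /* stands in for memory following the buffer */
};

/* Save the IP+TCP header of an uncompressed packet.
 * Returns 0 on success, -1 if the header lengths are not plausible. */
int save_header(struct cstate *cs, const uint8_t *pkt, size_t len)
{
    size_t iphl, tcphl, hlen;

    if (len < 20)                               /* shorter than any IP header */
        return -1;
    iphl = (size_t)(pkt[0] & 0x0f) << 2;        /* IP header length field */
    if (iphl < 20 || iphl + 20 > len)           /* TCP header must fit too */
        return -1;
    tcphl = (size_t)(pkt[iphl + 12] >> 4) << 2; /* TCP data offset field */
    hlen = iphl + tcphl;
    if (tcphl < 20 || hlen > len || hlen > MAX_HDR)
        return -1;
    memcpy(cs->hdr, pkt, hlen);                 /* bounded by both checks */
    cs->hlen = (uint16_t)hlen;
    return 0;
}

/* Constructed inputs: a minimal 40-byte header, and line noise (all 0xff)
 * whose length nibbles claim 60 + 60 header bytes in a 48-byte frame. */
int demo(int garbage)
{
    struct cstate cs = { 0, {0}, 0xdeadbeef };
    uint8_t pkt[48];
    int rc;

    memset(pkt, garbage ? 0xff : 0, sizeof pkt);
    if (!garbage) { pkt[0] = 0x45; pkt[32] = 0x50; }
    rc = save_header(&cs, pkt, sizeof pkt);
    if (cs.canary != 0xdeadbeef)
        return -2;                              /* neighbouring memory hit */
    return rc == 0 ? (int)cs.hlen : rc;
}

int main(void) { return !(demo(0) == 40 && demo(1) == -1); }
```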