Skip to content
Commit aa31f6bf authored by Dmitry Antipov's avatar Dmitry Antipov Committed by Liu Jian
Browse files

ppp: reject claimed-as-LCP but actually malformed packets 

stable inclusion
from stable-v4.19.318
commit 97d1efd8be26615ff680cdde86937d5943138f37
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGEN2
CVE: CVE-2024-41044

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=97d1efd8be26615ff680cdde86937d5943138f37



---------------------------

[ Upstream commit f2aeb7306a898e1cbd03963d376f4b6656ca2b55 ]

Since 'ppp_async_encode()' assumes valid LCP packets (with code
from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that
LCP packet has an actual body beyond PPP_LCP header bytes, and
reject claimed-as-LCP but actually malformed data otherwise.

Reported-by: default avatar <syzbot+ec0723ba9605678b14bf@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=ec0723ba9605678b14bf


Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Signed-off-by: default avatarDmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarLiu Jian <liujian56@huawei.com>
parent f274d168
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment