From 4b2a8fb3a7f7935f62a7bbdc851789fb7c2da032 Mon Sep 17 00:00:00 2001 From: Konstantin Sharlaimov Date: Sat, 23 Jun 2007 23:05:54 -0700 Subject: [PPP]: Fix osize too small errors when decoding mppe. The mppe_decompress() function required a buffer that is 1 byte too small when receiving a message of mru size. This fixes buffer allocation to prevent this from occurring. Signed-off-by: Konstantin Sharlaimov Signed-off-by: David S. Miller --- drivers/net/ppp_generic.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c index 541168713f1..3ef0092dc09 100644 --- a/drivers/net/ppp_generic.c +++ b/drivers/net/ppp_generic.c @@ -1708,7 +1708,18 @@ ppp_decompress_frame(struct ppp *ppp, struct sk_buff *skb) goto err; if (proto == PPP_COMP) { - ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN); + int obuff_size; + + switch(ppp->rcomp->compress_proto) { + case CI_MPPE: + obuff_size = ppp->mru + PPP_HDRLEN + 1; + break; + default: + obuff_size = ppp->mru + PPP_HDRLEN; + break; + } + + ns = dev_alloc_skb(obuff_size); if (ns == 0) { printk(KERN_ERR "ppp_decompress_frame: no memory\n"); goto err; -- cgit v1.2.3