lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 20 Jun 2007 22:37:18 +1100
From:	Konstantin Sharlaimov <>
To:	Paul Mackerras <>
CC:	Sergey Vlasov <>,,
Subject: [RFC] [PATCH] ppp: fix osize too small errors when decoding

The mppe_decompress() function required a buffer that is 1 byte too small when
receiving a message of mru size. This fixes buffer allocation to prevent this
from occurring.

Signed-off-by: Konstantin Sharlaimov <>
As Sergey Vlasov pointed out, ppp_mppe-account-for-osize-too-small-errors-in.patch
may cause buffer overflows on certain data. Here is another patch that should
eliminate the "osize too small" errors. Instead of patching mppe_decompress
itself, I have patched ppp_decompress_frame so it would allocate the required
extra byte when using mppe compression.

I didn't have a chance to check this patch carefully yet, but it seem to be
working as expected. Any comments would be greatly appreciated.

--- linux-	2007-06-20 09:14:13.000000000
+++ linux-	2007-06-20 09:18:06.000000000 +1100
@@ -1711,7 +1711,18 @@ ppp_decompress_frame(struct ppp *ppp, st
 		goto err;

 	if (proto == PPP_COMP) {
-		ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN);
+		int obuff_size;
+		switch(ppp->rcomp->compress_proto) {
+		case CI_MPPE:
+			obuff_size = ppp->mru + PPP_HDRLEN + 1;
+			break;
+		default:
+			obuff_size = ppp->mru + PPP_HDRLEN;
+			break;
+		}
+		ns = dev_alloc_skb(obuff_size);
 		if (ns == 0) {
 			printk(KERN_ERR "ppp_decompress_frame: no memory\n");
 			goto err;
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists