[PPP]: Fix osize too small errors when decoding mppe.
Konstantin Sharlaimov [Sun, 24 Jun 2007 06:05:54 +0000 (23:05 -0700)]
The mppe_decompress() function required a buffer that is 1 byte too
small when receiving a message of mru size. This fixes buffer
allocation to prevent this from occurring.

Signed-off-by: Konstantin Sharlaimov <konstantin.sharlaimov@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

drivers/net/ppp_generic.c

index 5411687..3ef0092 100644 (file)
@@ -1708,7 +1708,18 @@ ppp_decompress_frame(struct ppp *ppp, struct sk_buff *skb)
                goto err;
 
        if (proto == PPP_COMP) {
-               ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN);
+               int obuff_size;
+
+               switch(ppp->rcomp->compress_proto) {
+               case CI_MPPE:
+                       obuff_size = ppp->mru + PPP_HDRLEN + 1;
+                       break;
+               default:
+                       obuff_size = ppp->mru + PPP_HDRLEN;
+                       break;
+               }
+
+               ns = dev_alloc_skb(obuff_size);
                if (ns == 0) {
                        printk(KERN_ERR "ppp_decompress_frame: no memory\n");
                        goto err;
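Review bot: The `+ 1` in the `case CI_MPPE:` branch is an unexplained magic number. The commit message says mppe_decompress() needs one byte more than an MRU-sized frame, but nothing in the code records that, so a later cleanup could fold the switch back into `ppp->mru + PPP_HDRLEN` and bring the osize error back. Add a short comment above the case stating why MPPE needs the extra byte. The switch also puts compressor-specific sizing into ppp_decompress_frame(); if another compressor turns out to have a similar requirement, a per-compressor value would scale better than more cases here. Style: `switch(` should be `switch (`.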