summaryrefslogtreecommitdiffstats
path: root/obsolete-buildroot/sources/openwrt/patches/ppp/auth_hook_segfault
diff options
context:
space:
mode:
Diffstat (limited to 'obsolete-buildroot/sources/openwrt/patches/ppp/auth_hook_segfault')
-rw-r--r--obsolete-buildroot/sources/openwrt/patches/ppp/auth_hook_segfault33
1 files changed, 33 insertions, 0 deletions
diff --git a/obsolete-buildroot/sources/openwrt/patches/ppp/auth_hook_segfault b/obsolete-buildroot/sources/openwrt/patches/ppp/auth_hook_segfault
new file mode 100644
index 000000000..59007efaf
--- /dev/null
+++ b/obsolete-buildroot/sources/openwrt/patches/ppp/auth_hook_segfault
@@ -0,0 +1,33 @@
+To: md@linux.it, mjt@corpit.ru
+Subject: pppd-auth-hook.patch
+Message-Id: <20040604231517.3E9AD11DC4@paltus.tls.msk.ru>
+Date: Sat, 5 Jun 2004 03:15:17 +0400 (MSD)
+From: mjt@corpit.ru (Michael Tokarev)
+
+The patch below fixes pppd segfault when using auth_hook that sets
+options for the user (use-after-free problem).
+
+/mjt
+
+--- ppp/pppd/auth.c.orig Mon Jun 23 18:12:04 2003
++++ ppp/pppd/auth.c Sat Jun 5 03:11:36 2004
+@@ -1251,14 +1251,14 @@
+ if (pap_auth_hook) {
+ ret = (*pap_auth_hook)(user, passwd, msg, &addrs, &opts);
+ if (ret >= 0) {
++ /* note: set_allowed_addrs() saves opts (but not addrs): don't free it! */
+ if (ret)
+ set_allowed_addrs(unit, addrs, opts);
+- BZERO(passwd, sizeof(passwd));
++ else if (opts != 0)
++ free_wordlist(opts);
+ if (addrs != 0)
+ free_wordlist(addrs);
+- if (opts != 0) {
+- free_wordlist(opts);
+- }
++ BZERO(passwd, sizeof(passwd));
+ return ret? UPAP_AUTHACK: UPAP_AUTHNAK;
+ }
+ }
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 13:09:19 +0000