Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 55b92b7a authored by Guillaume Nault's avatar Guillaume Nault Committed by David S. Miller
Browse files

l2tp: Fix PPP header erasure and memory leak 



Copy user data after PPP framing header. This prevents erasure of the
added PPP header and avoids leaking two bytes of uninitialised memory
at the end of skb's data buffer.

Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 4f5474e7

net/l2tp/l2tp_ppp.c

+2 −2
Original line number Diff line number Diff line
@@ -346,12 +346,12 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh 
	skb_put(skb, 2);



	/* Copy user data into skb */

	error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);

	error = memcpy_fromiovec(skb_put(skb, total_len), m->msg_iov,

				 total_len);

	if (error < 0) {

		kfree_skb(skb);

		goto error_put_sess_tun;

	}

	skb_put(skb, total_len);



	l2tp_xmit_skb(session, skb, session->hdr_len);