git.ozlabs.org Git - ppp.git/commit

]> git.ozlabs.org Git - ppp.git/commit

author	Simon Arlott <70171+nomis@users.noreply.github.com>
	Tue, 8 Apr 2025 07:14:51 +0000 (08:14 +0100)
committer	GitHub <noreply@github.com>
	Tue, 8 Apr 2025 07:14:51 +0000 (17:14 +1000)
commit	7060ac7c505e685bebca05eb14fa1d9550364051
tree	8ee939673a37f3316cbdc0872f601a0801598f9e	tree \| snapshot (tar.gz zip)
parent	b17da861706d7d23ddf4d5a82d1082549cd88769	commit \| diff

pppd: Fix potential buffer overflow in lcp_rtt_update_buffer() (#554)

It's possible for ring_header[2] to be modified by another process when
reading it twice through a volatile pointer, causing it to change from a
small value (which doesn't need to wrap around) to a large value which
would exceed the size of the buffer.

Signed-off-by: Simon Arlott <git@sa.me.uk>
Co-authored-by: Simon Arlott <git@sa.me.uk>

pppd/lcp.c

diff | blob | history

PPP (Point-to-Point Protocol) implementation for Linux and Solaris

RSS Atom