fix PPP header realignment with concatenated packet

author Daniel Lenski <dlenski@gmail.com>

Wed, 20 May 2020 02:53:42 +0000 (19:53 -0700)

committer Daniel Lenski <dlenski@gmail.com>

Wed, 20 May 2020 02:53:42 +0000 (19:53 -0700)
author Daniel Lenski <dlenski@gmail.com>
Wed, 20 May 2020 02:53:42 +0000 (19:53 -0700)
committer Daniel Lenski <dlenski@gmail.com>
Wed, 20 May 2020 02:53:42 +0000 (19:53 -0700)
diff --git a/ppp.c b/ppp.c

index 9cce4c10d29dff9e03bf99dc9cae997415f177f9..1ec8a16b62a998869c65d04a2eced1a2be09df13 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -1134,10 +1134,10 @@ int ppp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable)
                                                      ppp->exp_ppp_hdr_size, pp - ph);
                                         /* Save it for next time */
                                         ppp->exp_ppp_hdr_size = pp - ph;
-                                       /* XX: If PPP header was SMALLER than expected, we could be overwriting data for the
-                                        * following concatenated packet, or conceivably moving a huge packet past
-                                        * the allocated buffer. */
-                                       memmove(this->data, pp, payload_len);
+                                       /* XX: If PPP header was SMALLER than expected, we could
+                                        * be moving a huge packet past the allocated buffer. */
+                                       memmove(this->data, pp, payload_len + next_len);
+                                       next -= (pp - this->data);
                                 }
  
                                 this->len = payload_len;
author	Daniel Lenski <dlenski@gmail.com>
	Wed, 20 May 2020 02:53:42 +0000 (19:53 -0700)
committer	Daniel Lenski <dlenski@gmail.com>
	Wed, 20 May 2020 02:53:42 +0000 (19:53 -0700)