From 6439ac40b83ae17ea8c7703695150b1a3b8317e7 Mon Sep 17 00:00:00 2001
From: Daniel Lenski <dlenski@gmail.com>
Date: Thu, 14 May 2020 14:26:58 -0700
Subject: [PATCH] fix a couple off-by-encap_len bits of NX

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---
 ppp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ppp.c b/ppp.c
index d470072b..8dd77177 100644
--- a/ppp.c
+++ b/ppp.c
@@ -786,7 +786,7 @@ int ppp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable)
 
 		case PPP_ENCAP_NX_HDLC:
 			payload_len_hdr = load_be32(ph);
-			payload_len = unhdlc_in_place(vpninfo, ph + ppp->encap_len, len, &pp);
+			payload_len = unhdlc_in_place(vpninfo, ph + ppp->encap_len, len - ppp->encap_len, &pp);
 			vpn_progress(vpninfo, PRG_INFO, "payload_len_hdr: %x, payload_len: %x, len: %x\n",
 						 payload_len_hdr, payload_len, len);
 			if (payload_len < 0)
@@ -997,7 +997,7 @@ int ppp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable)
 		case PPP_ENCAP_NX_HDLC:
 			/* XX: use worst-case escaping for LCP */
 			this = hdlc_into_new_pkt(vpninfo, this->data + n, this->len - n,
-									 proto == PPP_LCP ? ASYNCMAP_LCP : ppp->out_asyncmap);
+						 proto == PPP_LCP ? ASYNCMAP_LCP : ppp->out_asyncmap);
 			if (!this)
 				return 1; /* XX */
 			store_be32(this->data + n - 4, this->len - n);
-- 
2.49.0