Merge branch 'next'

[ipfire-2.x.git] / src / patches / ppp / ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch

diff --git a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
deleted file mode 100644 (file)
index 858769f..0000000
--- a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-commit 8d7970b8f3db727fe798b65f3377fe6787575426
-Author: Paul Mackerras <paulus@ozlabs.org>
-Date:   Mon Feb 3 15:53:28 2020 +1100
-
-    pppd: Fix bounds check in EAP code
-    
-    Given that we have just checked vallen < len, it can never be the case
-    that vallen >= len + sizeof(rhostname).  This fixes the check so we
-    actually avoid overflowing the rhostname array.
-    
-    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-    Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
-
-diff --git a/pppd/eap.c b/pppd/eap.c
-index 94407f5..1b93db0 100644
---- a/pppd/eap.c
-+++ b/pppd/eap.c
-@@ -1420,7 +1420,7 @@ int len;
-               }
- 
-               /* Not so likely to happen. */
--              if (vallen >= len + sizeof (rhostname)) {
-+              if (len - vallen >= sizeof (rhostname)) {
-                       dbglog("EAP: trimming really long peer name down");
-                       BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
-                       rhostname[sizeof (rhostname) - 1] = '\0';
-@@ -1846,7 +1846,7 @@ int len;
-               }
- 
-               /* Not so likely to happen. */
--              if (vallen >= len + sizeof (rhostname)) {
-+              if (len - vallen >= sizeof (rhostname)) {
-                       dbglog("EAP: trimming really long peer name down");
-                       BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
-                       rhostname[sizeof (rhostname) - 1] = '\0';