Latest patch for PPP
Roman Kurakin
rik at inse.ru
Fri Aug 25 19:50:12 UTC 2006
Frederic Praca:
> Hello,
> in the latest security advisory for PPP, the patch deals with conditions
> in a for loop. The correct line is :
> for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; len-=p[1], p+=p[1]) {
>
> Couldn't the condition be simpler like :
> for (rlen=0; p[1] >= 2 && len >= p[1]; len-=p[1], p+=p[1]){
>
If len<2 you just can't access (theoretically) p[1] cause in best case
you have only p[0] (len=1)
or do not have even p[0] (len=0). So from general point of view this is
correct code.
rik
> Or is there a hack I didn't understand ?
> In this case, if p[1] is greater or equal than 2, if we ensure that len
>
>> = p[1], we don't have to test that it's greater or equal than 2, isn't
>> it ?
>>
>
> Fred
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>
More information about the freebsd-hackers
mailing list