[Bug 214385] L2TP control packets malformed [PATCH]

bugzilla-noreply at freebsd.org
Thu Nov 10 11:44:45 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214385

            Bug ID: 214385
           Summary: L2TP control packets malformed [PATCH]
           Product: Base System
           Version: 10.3-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: joeknockando at googlemail.com

Created attachment 176852
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=176852&action=edit
proposed fix

We noticed L2TP control packets having incorrect sequence numbers, causing
problems talking to Cisco routers. We traced this back to
/usr/src/sys/netgraph/ng_l2tp.c. The code is writing to what it thinks is 12
bytes of continuous memory; however, this can't be guaranteed as the mbuf may
have been prepended to. A call to m_pullup is needed; see patch attached.

We believe this may have manifested itself as we are sending bigger packets
than the MPD software would normally send due to the addition of proxy auth
AVPs, which are not in the stock distribution.

This patch was against 10.3 but will work for 11.0 and probably head as well.

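The failure mode the report describes, as an added userspace illustration (not the attached patch and not FreeBSD kernel code): a 12-byte L2TP control header is split across two chained buffers, and the sequence numbers are stamped through a pointer into the first buffer only. The names `struct seg`, `pullup`, `write_seq`, `wire_byte` and `stamp`, and the 4+8 split, are constructed for this example; it assumes the standard control header layout with Ns and Nr at offsets 8 and 10.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define L2TP_HDR_LEN 12 /* flags, length, tunnel id, session id, Ns, Nr */

/* Toy stand-in for an mbuf: one segment of a packet chain (hypothetical). */
struct seg { struct seg *next; size_t len; uint8_t data[64]; };

/* Model of m_pullup(): make the first `want` bytes contiguous in the head. */
static struct seg *pullup(struct seg *m, size_t want) {
    while (m->len < want && m->next != NULL) {
        struct seg *n = m->next;
        size_t take = want - m->len < n->len ? want - m->len : n->len;
        memcpy(m->data + m->len, n->data, take);
        memmove(n->data, n->data + take, n->len - take);
        m->len += take; n->len -= take;
        if (n->len == 0) m->next = n->next;   /* drop the emptied segment */
    }
    return m->len >= want ? m : NULL; /* NULL: chain shorter than `want` */
}

/* Stamp Ns/Nr (header offsets 8 and 10) via a pointer into the head only.
 * The toy's 64-byte array keeps this in bounds; a real mbuf gives no such slack. */
static void write_seq(struct seg *m, uint16_t ns, uint16_t nr) {
    uint8_t *p = m->data;
    p[8] = (uint8_t)(ns >> 8); p[9] = (uint8_t)ns;
    p[10] = (uint8_t)(nr >> 8); p[11] = (uint8_t)nr;
}

/* Byte `off` of the packet as transmitted, i.e. walking the whole chain. */
static uint8_t wire_byte(const struct seg *m, size_t off) {
    for (; m != NULL; off -= m->len, m = m->next)
        if (off < m->len) return m->data[off];
    return 0;
}

/* Constructed case: 12-byte header split 4+8; returns Ns<<16|Nr as sent. */
static uint32_t stamp(int use_pullup, uint16_t ns, uint16_t nr) {
    struct seg tail = { NULL, 8, {0} }, head = { &tail, 4, {0} };
    struct seg *m = &head;
    uint32_t w = 0;
    if (use_pullup && (m = pullup(m, L2TP_HDR_LEN)) == NULL) return 0;
    write_seq(m, ns, nr);
    for (size_t i = 8; i < 12; i++) w = (w << 8) | wire_byte(m, i);
    return w;
}
int main(void) {
    printf("no pullup %08x, pullup %08x\n", (unsigned)stamp(0, 5, 3), (unsigned)stamp(1, 5, 3));
    return 0;
}
```

Without the pullup the write lands past the first segment's valid data, so the peer still reads the old Ns/Nr bytes from the second segment.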