massive changes

[openwrt/svn-archive/archive.git] / obsolete-buildroot / sources / openwrt / patches / ppp / auth_hook_segfault

diff --git a/obsolete-buildroot/sources/openwrt/patches/ppp/auth_hook_segfault b/obsolete-buildroot/sources/openwrt/patches/ppp/auth_hook_segfault
new file mode 100644 (file)
index 0000000..59007ef
--- /dev/null
+++ b/obsolete-buildroot/sources/openwrt/patches/ppp/auth_hook_segfault
@@ -0,0 +1,33 @@
+To: md@linux.it, mjt@corpit.ru
+Subject: pppd-auth-hook.patch
+Message-Id: <20040604231517.3E9AD11DC4@paltus.tls.msk.ru>
+Date: Sat,  5 Jun 2004 03:15:17 +0400 (MSD)
+From: mjt@corpit.ru (Michael Tokarev)
+
+The patch below fixes pppd segfault when using auth_hook that sets
+options for the user (use-after-free problem).
+
+/mjt
+
+--- ppp/pppd/auth.c.orig       Mon Jun 23 18:12:04 2003
++++ ppp/pppd/auth.c    Sat Jun  5 03:11:36 2004
+@@ -1251,14 +1251,14 @@
+     if (pap_auth_hook) {
+       ret = (*pap_auth_hook)(user, passwd, msg, &addrs, &opts);
+       if (ret >= 0) {
++          /* note: set_allowed_addrs() saves opts (but not addrs): don't free it! */
+           if (ret)
+               set_allowed_addrs(unit, addrs, opts);
+-          BZERO(passwd, sizeof(passwd));
++          else if (opts != 0)
++              free_wordlist(opts);
+           if (addrs != 0)
+               free_wordlist(addrs);
+-          if (opts != 0) {
+-              free_wordlist(opts);
+-          }
++          BZERO(passwd, sizeof(passwd));
+           return ret? UPAP_AUTHACK: UPAP_AUTHNAK;
+       }
+     }
+