Hi, Tested.
ok yasuoka

On Tue, 30 Aug 2022 15:41:29 +0200 Alexander Bluhm <alexander.bl...@gmx.net> wrote:
> Hi,
>
> It looks like syzkaller has found a missing input validation in pipex.
>
> https://syzkaller.appspot.com/bug?id=c7ac769bd7ee15549b8a2be188bcee07d98a5357
>
> As I have no pipex setup, can anyone test this diff please?
>
> bluhm
>
> Index: net/pipex.c > =================================================================== > RCS file: /data/mirror/openbsd/cvs/src/sys/net/pipex.c,v > retrieving revision 1.147 > diff -u -p -r1.147 pipex.c > --- net/pipex.c 25 Jul 2022 08:28:42 -0000 1.147 > +++ net/pipex.c 30 Aug 2022 13:21:03 -0000 > @@ -277,12 +277,24 @@ pipex_init_session(struct pipex_session > } > #ifdef PIPEX_MPPE > if ((req->pr_ppp_flags & PIPEX_PPP_MPPE_ACCEPTED) != 0) { > - if (req->pr_mppe_recv.keylenbits <= 0) > + switch (req->pr_mppe_recv.keylenbits) { > + case 40: > + case 56: > + case 128: > + break; > + default: > return (EINVAL); > + } > } > if ((req->pr_ppp_flags & PIPEX_PPP_MPPE_ENABLED) != 0) { > - if (req->pr_mppe_send.keylenbits <= 0) > + switch (req->pr_mppe_send.keylenbits) { > + case 40: > + case 56: > + case 128: > + break; > + default: > return (EINVAL); > + } > } > if ((req->pr_ppp_flags & PIPEX_PPP_MPPE_REQUIRED) != 0) { > if ((req->pr_ppp_flags & >
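
Review bot: the 40/56/128 switch is repeated verbatim in the PIPEX_PPP_MPPE_ACCEPTED and PIPEX_PPP_MPPE_ENABLED branches, so a later change to the accepted key lengths has to be made in two places and the recv and send checks can drift apart. Consider a small static helper that takes keylenbits and reports whether it is one of the three values, called for both pr_mppe_recv and pr_mppe_send, with a one-line comment saying why only these lengths are accepted. The validation also still runs only when the corresponding flag is set in pr_ppp_flags; if keylenbits from the request is copied or used when the flag is clear, it should be checked unconditionally.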