Having it configurable does not really make sense anymore, we already
need PBUF_RAM in all transmit paths. There are no real reason to keep
allocating PPP response buffers from the PBUF_POOL which should be now
reserved for receive paths only.
This adds some basic checks to the subroutines of eap_input to check
that we have requested or agreed to doing EAP authentication before
doing any processing on the received packet. The motivation is to
make it harder for a malicious peer to disrupt the operation of pppd
by sending unsolicited EAP packets. Note that eap_success() already
has a check that the EAP client state is reasonable, and does nothing
(apart from possibly printing a debug message) if not.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Sylvain Rochet <gradator@gradator.net> (ported to lwIP PPP pcb struct)
Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname). This fixes the check so we
actually avoid overflowing the rhostname array.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Sylvain Rochet <gradator@gradator.net> (compiler warning fix about int vs uint comparisons)
This converts all ppp_*() debug functions to ppp_*(()) macros that
ensure the code is left out by the linker if the corresponding debug
setting is disabled.
Downside is that many lines of code are touched, but since these
already differ to upstream PPP sources, I figured that's ok...
See bug #55199
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
Use LWIP_ARRAYSIZE to simplify the code.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Reviewed-by: Sylvain Rochet <gradator@gradator.net>
[Sylvain Rochet <gradator@gradator.net>: added missing casts]
Signed-off-by: Sylvain Rochet <gradator@gradator.net>
Unfortunately, all functions were renamed when PolarSSL was renamed to
mbed TLS, breaking the API. In order to continue supporting our embedded
PolarSSL copy while allowing our users to use mbed TLS, we need a function
map to deal with the API break.
This commit add a function map for all hashes and ciphers we are currently
using.
pbuf_type PPP is using for LCP, PAP, CHAP, EAP, IPCP and IP6CP packets.
Memory allocated must be single buffered for PPP to works, it requires pbuf
that are not going to be chained when allocated. This requires setting
PBUF_POOL_BUFSIZE to at least 512 bytes, which is quite huge for small systems.
Setting PPP_USE_PBUF_RAM to 1 makes PPP use memory from heap where continuous
buffers are required, allowing you to use a smaller PBUF_POOL_BUFSIZE.
PPP stack does not handle chained pbuf, but PPP negociation packets
are at most ~40 bytes long, so we are only checking if the payload
can fit into the allocated pbuf (p->tot_len == p->len).
