Commit 62fbe9c8 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: PPTP conntrack: fix PPTP_IN_CALL message types

Fix incorrectly used message types and call IDs:

- PPTP_IN_CALL_REQUEST (PAC->PNS) contains a PptpInCallRequest (icreq)
  message and the PAC call ID

- PPTP_IN_CALL_REPLY (PNS->PAC) contains a PptpInCallReply (icack)
  message and the PNS call ID
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 750a5842
...@@ -355,10 +355,10 @@ pptp_inbound_pkt(struct sk_buff **pskb, ...@@ -355,10 +355,10 @@ pptp_inbound_pkt(struct sk_buff **pskb,
if (info->sstate != PPTP_SESSION_CONFIRMED) if (info->sstate != PPTP_SESSION_CONFIRMED)
goto invalid; goto invalid;
pcid = pptpReq->icack.peersCallID; cid = pptpReq->icreq.callID;
DEBUGP("%s, PCID=%X\n", pptp_msg_name[msg], ntohs(pcid)); DEBUGP("%s, CID=%X\n", pptp_msg_name[msg], ntohs(cid));
info->cstate = PPTP_CALL_IN_REQ; info->cstate = PPTP_CALL_IN_REQ;
info->pac_call_id = pcid; info->pac_call_id = cid;
break; break;
case PPTP_IN_CALL_CONNECT: case PPTP_IN_CALL_CONNECT:
...@@ -458,15 +458,17 @@ pptp_outbound_pkt(struct sk_buff **pskb, ...@@ -458,15 +458,17 @@ pptp_outbound_pkt(struct sk_buff **pskb,
info->cstate != PPTP_CALL_IN_REP) info->cstate != PPTP_CALL_IN_REP)
goto invalid; goto invalid;
cid = pptpReq->icack.callID;
pcid = pptpReq->icack.peersCallID; pcid = pptpReq->icack.peersCallID;
if (info->pac_call_id != pcid) if (info->pac_call_id != pcid)
goto invalid; goto invalid;
DEBUGP("%s, CID=%X\n", pptp_msg_name[msg], ntohs(pcid)); DEBUGP("%s, CID=%X PCID=%X\n", pptp_msg_name[msg],
ntohs(cid), ntohs(pcid));
if (pptpReq->icack.resultCode == PPTP_INCALL_ACCEPT) { if (pptpReq->icack.resultCode == PPTP_INCALL_ACCEPT) {
/* part two of the three-way handshake */ /* part two of the three-way handshake */
info->cstate = PPTP_CALL_IN_REP; info->cstate = PPTP_CALL_IN_REP;
info->pns_call_id = pcid; info->pns_call_id = cid;
} else } else
info->cstate = PPTP_CALL_NONE; info->cstate = PPTP_CALL_NONE;
break; break;
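Review bot: In the PPTP_IN_CALL_REPLY branch of pptp_outbound_pkt, `cid` and `pcid` are read from `pptpReq->icack` and `cid` is then stored in `info->pns_call_id`, but nothing visible in the hunk shows that the control message is long enough to hold a full PptpInCallReply. These fields come from the wire and drive connection-tracking state, so it is worth confirming that the length handling before the switch (outside this hunk) covers the icack fields for this message type; otherwise a truncated reply might be interpreted using bytes that were never received. The same question applies to `pptpReq->icreq.callID` in the PPTP_IN_CALL_REQUEST branch of pptp_inbound_pkt. A short comment above the two reads, such as `/* PNS->PAC: callID is the PNS call ID, peersCallID must match the stored PAC call ID */`, would also keep the direction of the IDs clear. Both function bodies start and end outside the hunks shown.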
......
...@@ -172,7 +172,7 @@ pptp_outbound_pkt(struct sk_buff **pskb, ...@@ -172,7 +172,7 @@ pptp_outbound_pkt(struct sk_buff **pskb,
ct_pptp_info->pns_call_id = new_callid; ct_pptp_info->pns_call_id = new_callid;
break; break;
case PPTP_IN_CALL_REPLY: case PPTP_IN_CALL_REPLY:
cid_off = offsetof(union pptp_ctrl_union, icreq.callID); cid_off = offsetof(union pptp_ctrl_union, icack.callID);
break; break;
case PPTP_CALL_CLEAR_REQUEST: case PPTP_CALL_CLEAR_REQUEST:
cid_off = offsetof(union pptp_ctrl_union, clrreq.callID); cid_off = offsetof(union pptp_ctrl_union, clrreq.callID);
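Review bot: The PPTP_IN_CALL_REPLY case now takes `cid_off` from `icack.callID`, but nothing in the case says which call ID is being rewritten or in which direction the message travels. I would add `/* PNS->PAC reply: rewrite the PNS call ID carried in icack.callID */` above the assignment. It is also worth checking that the code which uses `cid_off` after the switch (outside this hunk) verifies the packet extends to the call ID field at that offset before rewriting it, since the offset is applied to data received from the network.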
......