You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In isolation, yes that could perhaps happen; in the context of the rest of the code, the packets that we are processing always come from read_packet() (defined in sys-linux.c or sys-solaris.c) and those limit the packet length to no more than 1504 bytes. So I don't think there is a pressing issue here. I would be OK with changing cilen to int or unsigned int just to be sure.
The following was found by static analysis.
16 bit
cilen
is assigned 32 bitl
at https://github.com/ppp-project/ppp/blob/master/pppd/ipcp.c#L1468 and there is no check for overflow so I am afraid it could be overflown.The text was updated successfully, but these errors were encountered: