pppd: Fix bounds check in EAP code am: f9fec5c369 am: 0adf11c24c am: 5788de2192 am: 024dbd1dc3 am: 39855b1e5b Change-Id: I1d294ff32a728f4dca2da3ba0164d84f7546e995

commit: 80896b9c493a68d7b270892ec1d08e3b8ec43692 [log] [tgz]
author: Paul Mackerras <paulus@ozlabs.org> Thu Apr 02 00:56:45 2020 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Apr 02 00:56:45 2020 +0000
tree: eb1534824b8c971f4195b967e9adb3d2b974ba3b
parent: f39a656871ed774e290150e3d007d418858bdb27 [diff]
parent: 39855b1e5b483e16ff1f23466140b2695c531f43 [diff]
diff --git a/pppd/eap.c b/pppd/eap.c
index 6ea6c1f..5940ebf 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c

@@ -1421,7 +1421,7 @@
 		}
 
 		/* Not so likely to happen. */
-		if (vallen >= len + sizeof (rhostname)) {
+		if (len - vallen >= sizeof (rhostname)) {
 			dbglog("EAP: trimming really long peer name down");
 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
 			rhostname[sizeof (rhostname) - 1] = '\0';
@@ -1847,7 +1847,7 @@
 		}
 
 		/* Not so likely to happen. */
-		if (vallen >= len + sizeof (rhostname)) {
+		if (len - vallen >= sizeof (rhostname)) {
 			dbglog("EAP: trimming really long peer name down");
 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
 			rhostname[sizeof (rhostname) - 1] = '\0';
commit	80896b9c493a68d7b270892ec1d08e3b8ec43692	[log] [tgz]
author	Paul Mackerras <paulus@ozlabs.org>	Thu Apr 02 00:56:45 2020 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Thu Apr 02 00:56:45 2020 +0000
tree	eb1534824b8c971f4195b967e9adb3d2b974ba3b
parent	f39a656871ed774e290150e3d007d418858bdb27 [diff]
parent	39855b1e5b483e16ff1f23466140b2695c531f43 [diff]