Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

off by one in pppd

From: "david evlis reign" <davidreign () hotmail com>
Date: Sun, 10 Mar 2002 04:54:00 +0000


static int
setescape(argv)
   char **argv;
{
   int n, ret;
   char *p, *endp;

   p = *argv;
   ret = 1;
   while (*p) {
        n = strtol(p, &endp, 16);
        if (p == endp) {
            option_error("escape parameter contains invalid hex number '%s'",
                         p);
            return 0;
        }
        p = endp;
        if (n < 0 || n == 0x5E || n > 0xFF) { <--- offending code
            option_error("can't escape character 0x%x", n);
            ret = 0;
        } else
            xmit_accm[0][n >> 5] |= 1 << (n & 0x1F);
        while (*p == ',' || *p == ' ')
            ++p;
   }
   return ret;
}

can anyone clarify this?


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
Previous By Date Next
Previous By Thread Next

Current thread: