comparison src/g23m-fad/ppp/ppp_ncpf.c @ 1:fa8dc04885d8

src/g23m-*: import from Magnetite
author Mychaela Falconia <falcon@freecalypso.org>
date Fri, 16 Oct 2020 06:25:50 +0000
parents
children
comparison
equal deleted inserted replaced
0:4e78acac3d88 1:fa8dc04885d8
1 /*
2 +-----------------------------------------------------------------------------
3 | Project :
4 | Modul :
5 +-----------------------------------------------------------------------------
6 | Copyright 2002 Texas Instruments Berlin, AG
7 | All rights reserved.
8 |
9 | This file is confidential and a trade secret of Texas
10 | Instruments Berlin, AG
11 | The receipt of or possession of this file does not convey
12 | any rights to reproduce or disclose its contents or to
13 | manufacture, use, or sell anything it may describe, in
14 | whole, or in part, without the specific written consent of
15 | Texas Instruments Berlin, AG.
16 +-----------------------------------------------------------------------------
17 | Purpose : This modul is part of the entity PPP and implements all
18 | procedures and functions as described in the
19 | SDL-documentation (NCP-statemachine)
20 +-----------------------------------------------------------------------------
21 */
22
23 #define ENTITY_PPP
24
25 /*==== INCLUDES =============================================================*/
26
27 #include "typedefs.h" /* to get Condat data types */
28 #include "vsi.h" /* to get a lot of macros */
29 #include "macdef.h" /* to get a lot of macros */
30 #include "custom.h" /* to get a lot of macros */
31 #include "gsm.h" /* to get a lot of macros */
32 #include "prim.h" /* to get the definitions of used SAP and directions */
33 #include "dti.h" /* to get the DTILIB definitions */
34 #include "ppp.h" /* to get the global entity definitions */
35
36 #include <string.h> /* to get memcpy */
37 #include "ppp_arbf.h" /* to get function interface from arb */
38
39 /*==== CONST ================================================================*/
40
41 #define TYPE_HC 2
42 #define TYPE_IP 3
43 #define TYPE_PDNS 129
44 #define TYPE_SDNS 131
45 #define TYPE_ADJUST 125
46
47 #define MASK_TYPE_HC TYPE_HC
48 #define MASK_TYPE_IP TYPE_IP
49 #define MASK_TYPE_PDNS (TYPE_PDNS - TYPE_ADJUST)
50 #define MASK_TYPE_SDNS (TYPE_SDNS - TYPE_ADJUST)
51
52 #define LENGTH_HC_VJ 6
53 #define LENGTH_HC_MAX LENGTH_HC_VJ
54 #define LENGTH_IP 6
55 #define LENGTH_PDNS 6
56 #define LENGTH_SDNS 6
57
58 #define NCP_CONF_REQ_LENGTH_MAX (4 + \
59 LENGTH_HC_MAX + \
60 LENGTH_IP + \
61 LENGTH_PDNS + \
62 LENGTH_SDNS)
63 #define NCP_TERM_REQ_LENGTH 6
64
65 #define PPP_CSID_YES 1
66
67 /*==== LOCAL VARS ===========================================================*/
68
69 /*==== PRIVATE FUNCTIONS ====================================================*/
70
71 /*==== PUBLIC FUNCTIONS =====================================================*/
72
73
74
75 /*
76 +------------------------------------------------------------------------------
77 | Function : ncp_init
78 +------------------------------------------------------------------------------
79 | Description : The function ncp_init() initialize Network Control Protocol
80 |
81 | Parameters : no parameters
82 |
83 +------------------------------------------------------------------------------
84 */
85 GLOBAL void ncp_init ()
86 {
87 TRACE_FUNCTION( "ncp_init" );
88 /*
89 * initialize values
90 */
91 ppp_data->ncp.req_hc = PPP_HC_DEFAULT;
92 ppp_data->ncp.req_msid = PPP_MSID_DEFAULT;
93 ppp_data->ncp.req_ip = PPP_IP_DEFAULT;
94 ppp_data->ncp.req_pdns = PPP_PDNS_DEFAULT;
95 ppp_data->ncp.req_sdns = PPP_SDNS_DEFAULT;
96 ppp_data->ncp.req_gateway = PPP_GATEWAY_DEFAULT;
97
98 ppp_data->ncp.s_hc = PPP_HC_DEFAULT;
99 ppp_data->ncp.s_msid = PPP_MSID_DEFAULT;
100 ppp_data->ncp.r_hc = PPP_HC_DEFAULT;
101 ppp_data->ncp.r_msid = PPP_MSID_DEFAULT;
102 ppp_data->ncp.n_ip = PPP_IP_DEFAULT;
103 ppp_data->ncp.n_pdns = PPP_PDNS_DEFAULT;
104 ppp_data->ncp.n_sdns = PPP_SDNS_DEFAULT;
105 ppp_data->ncp.n_gateway = PPP_GATEWAY_DEFAULT;
106
107 ppp_data->ncp.s_rejected = 0;
108
109 ppp_data->ncp.nscri = 0;
110 ppp_data->ncp.nstri = 0;
111 ppp_data->ncp.nscji = 0;
112
113 ppp_data->ncp.scr=FALSE;
114 ppp_data->ncp.str=FALSE;
115 ppp_data->ncp.rcr=FALSE;
116
117 INIT_STATE( PPP_SERVICE_NCP , NCP_STATE );
118 } /* ncp_init() */
119
120
121
122 /*
123 +------------------------------------------------------------------------------
124 | Function : ncp_get_values
125 +------------------------------------------------------------------------------
126 | Description : The function ncp_get_values() returns negotiated values
127 |
128 | Parameters : ptr_hc - returns IP Header Compression
129 | ptr_msid - returns max slot identifier
130 | ptr_ip - returns IP address
131 | ptr_pdns - returns primary DNS server address
132 | ptr_pdns - returns secondary DNS server address
133 |
134 +------------------------------------------------------------------------------
135 */
136 GLOBAL void ncp_get_values (UBYTE* ptr_hc, UBYTE* ptr_msid, ULONG* ptr_ip,
137 ULONG* ptr_pdns, ULONG* ptr_sdns)
138 {
139 TRACE_FUNCTION( "ncp_get_values" );
140
141 *ptr_hc = ppp_data->ncp.r_hc;
142 if(ppp_data->ncp.r_msid < ppp_data->ncp.s_msid)
143 *ptr_msid = ppp_data->ncp.r_msid;
144 else
145 *ptr_msid = ppp_data->ncp.s_msid;
146 *ptr_ip = ppp_data->ncp.n_ip;
147 *ptr_pdns = ppp_data->ncp.n_pdns;
148 *ptr_sdns = ppp_data->ncp.n_sdns;
149
150 } /* ncp_get_values() */
151
152
153
154 /*
155 +------------------------------------------------------------------------------
156 | Function : ncp_get_scr
157 +------------------------------------------------------------------------------
158 | Description : The function ncp_get_scr() creates a NCP Configure Request
159 | packet.
160 |
161 | Parameters : ptr_packet - returns the Configure Request packet
162 | THE MEMORY FOR THE PACKET WILL ALLOCATED BY
163 | THIS FUNCTION
164 |
165 +------------------------------------------------------------------------------
166 */
167 GLOBAL void ncp_get_scr (T_desc2** ptr_packet)
168 {
169 T_desc2* ret_desc;
170 USHORT len_pos;
171 USHORT pos;
172
173 TRACE_FUNCTION( "ncp_get_scr" );
174
175 /*
176 * Allocate the necessary size for the data descriptor. The size is
177 * calculated as follows:
178 * - take the size of a descriptor structure
179 * - subtract one because of the array buffer[1] to get the size of
180 * descriptor control information
181 * - add number of octets of descriptor data
182 */
183 MALLOC (ret_desc, (USHORT)(sizeof(T_desc2) - 1 + NCP_CONF_REQ_LENGTH_MAX));
184 /*
185 * fill the packet
186 */
187 ret_desc->next=(ULONG)NULL;
188 pos=0;
189 /*
190 * Code field
191 */
192 ret_desc->buffer[pos]=CODE_CONF_REQ;
193 pos++;
194 /*
195 * Identifier field
196 */
197 ret_desc->buffer[pos]=ppp_data->ncp.nscri;/*lint !e415 access of out-of-bounds pointer */
198 pos++;
199 /*
200 * Length field (store the position)
201 */
202 len_pos=pos;
203 pos++;
204 pos++;
205 /*
206 * Header Compression Protocol (only server mode)
207 */
208 if(((ppp_data->ncp.s_rejected & (1UL << MASK_TYPE_HC)) EQ 0) &&
209 (ppp_data->ncp.s_hc NEQ PPP_HC_DEFAULT))
210 {
211 if(ppp_data->ncp.s_hc EQ PPP_HC_VJ)
212 {
213 ret_desc->buffer[pos] = TYPE_HC;/*lint !e415 !e416 access of out-of-bounds pointer */
214 pos++;
215 ret_desc->buffer[pos] = LENGTH_HC_VJ;/*lint !e415 !e416 access of out-of-bounds pointer */
216 pos++;
217 ret_desc->buffer[pos] = PROTOCOL_VJ_MSB;/*lint !e415 !e416 access of out-of-bounds pointer */
218 pos++;
219 ret_desc->buffer[pos] = PROTOCOL_VJ_LSB;/*lint !e415 !e416 access of out-of-bounds pointer */
220 pos++;
221 ret_desc->buffer[pos] = ppp_data->ncp.s_msid;/*lint !e415 !e416 access of out-of-bounds pointer */
222 pos++;
223 ret_desc->buffer[pos] = PPP_CSID_YES;/*lint !e415 !e416 access of out-of-bounds pointer */
224 pos++;
225 }
226 /*
227 * include additional header compression protocols
228 */
229 }
230 /*
231 * IP Address (only client mode)
232 */
233 if(((ppp_data->ncp.s_rejected & (1UL << MASK_TYPE_IP)) EQ 0) &&
234 (ppp_data->mode EQ PPP_CLIENT))
235 {
236 ret_desc->buffer[pos]=TYPE_IP;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
237 pos++;
238 ret_desc->buffer[pos]=LENGTH_IP;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
239 pos++;
240 ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_ip >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
241 pos++;
242 ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_ip >> 16) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
243 pos++;
244 ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_ip >> 8) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
245 pos++;
246 ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_ip & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
247 pos++;
248 }
249 /*
250 * Gateway Address (only server mode)
251 */
252 if(((ppp_data->ncp.s_rejected & (1UL << MASK_TYPE_IP)) EQ 0) &&
253 (ppp_data->mode EQ PPP_SERVER) &&
254 (ppp_data->ncp.n_gateway NEQ PPP_GATEWAY_DEFAULT))
255 {
256 ret_desc->buffer[pos]=TYPE_IP;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
257 pos++;
258 ret_desc->buffer[pos]=LENGTH_IP;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
259 pos++;
260 ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_gateway >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
261 pos++;
262 ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_gateway >> 16) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
263 pos++;
264 ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_gateway >> 8) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
265 pos++;
266 ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_gateway & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
267 pos++;
268 }
269 /*
270 * Primary DNS address (only client mode)
271 */
272 if(((ppp_data->ncp.s_rejected & (1UL << MASK_TYPE_PDNS)) EQ 0) &&
273 (ppp_data->mode EQ PPP_CLIENT))
274 {
275 ret_desc->buffer[pos]=TYPE_PDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
276 pos++;
277 ret_desc->buffer[pos]=LENGTH_PDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
278 pos++;
279 ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_pdns >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
280 pos++;
281 ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_pdns >> 16) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
282 pos++;
283 ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_pdns >> 8) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
284 pos++;
285 ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_pdns & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
286 pos++;
287 }
288 /*
289 * Secondary DNS address (only client mode)
290 */
291 if(((ppp_data->ncp.s_rejected & (1UL << MASK_TYPE_SDNS)) EQ 0) &&
292 (ppp_data->mode EQ PPP_CLIENT))
293 {
294 ret_desc->buffer[pos]=TYPE_SDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
295 pos++;
296 ret_desc->buffer[pos]=LENGTH_SDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
297 pos++;
298 ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_sdns >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
299 pos++;
300 ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_sdns >> 16) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
301 pos++;
302 ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_sdns >> 8) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
303 pos++;
304 ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_sdns & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
305 pos++;
306 }
307 /*
308 * insert packet length
309 */
310 ret_desc->len=pos;
311 ret_desc->buffer[len_pos]=(UBYTE)(pos >> 8);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
312 len_pos++;
313 ret_desc->buffer[len_pos]=(UBYTE)(pos & 0x00ff);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
314
315 /*
316 * return the created packet
317 */
318 ppp_data->ncp.scr=TRUE;
319 *ptr_packet=ret_desc;
320
321 } /* ncp_get_scr() */
322
323
324
325 /*
326 +------------------------------------------------------------------------------
327 | Function : ncp_get_str
328 +------------------------------------------------------------------------------
329 | Description : The function ncp_get_str() creates a NCP Terminate Request
330 | packet.
331 |
332 | Parameters : ptr_packet - returns the Terminate Request packet
333 | THE MEMORY FOR THE PACKET WILL ALLOCATED BY
334 | THIS FUNCTION
335 |
336 +------------------------------------------------------------------------------
337 */
338 GLOBAL void ncp_get_str (T_desc2** ptr_packet)
339 {
340 T_desc2* ret_desc;
341 USHORT pos;
342
343 TRACE_FUNCTION( "ncp_get_str" );
344
345 /*
346 * Allocate the necessary size for the data descriptor. The size is
347 * calculated as follows:
348 * - take the size of a descriptor structure
349 * - subtract one because of the array buffer[1] to get the size of
350 * descriptor control information
351 * - add number of octets of descriptor data
352 */
353 MALLOC (ret_desc, (USHORT)(sizeof(T_desc2) - 1 + NCP_TERM_REQ_LENGTH));
354 /*
355 * fill the packet
356 */
357 ret_desc->next = (ULONG)NULL;
358 ret_desc->len = NCP_TERM_REQ_LENGTH;
359 pos = 0;
360 /*
361 * Code field
362 */
363 ret_desc->buffer[pos] = CODE_TERM_REQ;
364 pos++;
365 /*
366 * Identifier field
367 */
368 ret_desc->buffer[pos] = ppp_data->ncp.nstri;/*lint !e415 access of out-of-bounds pointer */
369 pos++;
370 /*
371 * Length field
372 */
373 ret_desc->buffer[pos] = 0;/*lint !e415 !e416 creation and access of out-of-bounds pointer */
374 pos++;
375 ret_desc->buffer[pos] = NCP_TERM_REQ_LENGTH;/*lint !e415 !e416 creation and access of out-of-bounds pointer */
376 pos++;
377 /*
378 * Data field contains the error code
379 */
380 ret_desc->buffer[pos] = (U8)((ppp_data->ppp_cause >> 8) & 0x00ff);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
381 pos++;
382 ret_desc->buffer[pos] = (U8)((ppp_data->ppp_cause) & 0x00ff);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
383 pos++;
384
385 /*
386 * return the created packet
387 */
388 ppp_data->ncp.str = TRUE;
389 *ptr_packet = ret_desc;
390 } /* ncp_get_str() */
391
392
393
394 /*
395 +------------------------------------------------------------------------------
396 | Function : ncp_analyze_first_ipcp
397 +------------------------------------------------------------------------------
398 | Description : The function ncp_analyze_first_ipcp() determine whether the
399 | given packet is a Configure Request packet. If so the function
400 | analyzes the packet, sets some values in the data structure and
401 | returns the values for header comression.
402 |
403 | Parameters : packet - received packet
404 | ptr_result - returns the result of the analysis
405 | ptr_hc - returns requested header compression
406 | ptr_msid - returns requested max slot identifier
407 |
408 +------------------------------------------------------------------------------
409 */
410 GLOBAL void ncp_analyze_first_ipcp(T_desc2* packet,
411 UBYTE* ptr_result,
412 UBYTE* ptr_hc,
413 UBYTE* ptr_msid)
414 {
415 USHORT packet_len;
416 UBYTE type_len;
417 USHORT pos;
418 USHORT analyzed;
419 USHORT protocol_hc;
420 ULONG ip;
421 ULONG pdns;
422 ULONG sdns;
423
424 TRACE_FUNCTION( "ncp_analyze_first_ipcp" );
425
426 /*
427 * check whether it is a Configure Request packet and
428 * for correct length field
429 */
430 packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
431 packet_len <<= 8;
432 packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
433 if((packet->buffer[0] NEQ CODE_CONF_REQ) ||
434 (packet_len > packet->len) ||
435 (packet_len < 4))
436 {
437 *ptr_result = FALSE;
438 return;
439 }
440 /*
441 * check consistence of length of packet and length of configuration options
442 */
443 pos=5;
444 while(pos < packet_len)
445 {
446 if(packet->buffer[pos] < 2)/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
447 {
448 *ptr_result = FALSE;
449 return;
450 }
451 pos+= packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
452 }
453 if((pos - 1) NEQ packet_len)
454 {
455 *ptr_result = FALSE;
456 return;
457 }
458 /*
459 * analyze configuration options
460 */
461 ppp_data->ncp.r_hc = PPP_HC_DEFAULT;
462 ppp_data->ncp.r_msid = PPP_MSID_DEFAULT;
463 ppp_data->ncp.n_ip = PPP_IP_DEFAULT;
464 ppp_data->ncp.n_pdns = PPP_PDNS_DEFAULT;
465 ppp_data->ncp.n_sdns = PPP_SDNS_DEFAULT;
466 pos=4;
467 /*
468 * analyzed is a bit field and marks all already analyzed
469 * configuration options in order to reject all configuration options
470 * which are listed more than once
471 */
472 analyzed=0;
473 while(pos < packet_len)
474 {
475 type_len=packet->buffer[pos + 1];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
476 switch(packet->buffer[pos])/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
477 {
478 /*
479 * yet supported configuration options
480 */
481 case TYPE_HC: /* Header Compression */
482 protocol_hc = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
483 protocol_hc <<= 8;
484 protocol_hc+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
485 if((analyzed & (1UL << MASK_TYPE_HC)) EQ 0)
486 {
487 analyzed|= (1UL << MASK_TYPE_HC);
488 /*
489 * max slot identifier should be between 3 and 254
490 * comp slot identifier may be compressed
491 */
492 if((protocol_hc EQ DTI_PID_CTCP) &&
493 (packet->buffer[pos + 4] >= 3) &&
494 (packet->buffer[pos + 5] EQ PPP_CSID_YES))/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
495 {
496 ppp_data->ncp.r_hc = PPP_HC_VJ;
497 ppp_data->ncp.r_msid = packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
498 if(ppp_data->ncp.r_msid > 254)
499 ppp_data->ncp.r_msid = 254;
500 }
501 }
502 break;
503 case TYPE_IP:
504 ip = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
505 ip = (ip << 8);
506 ip+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
507 ip = (ip << 8);
508 ip+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
509 ip = (ip << 8);
510 ip+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
511 if((analyzed & (1UL << MASK_TYPE_IP)) EQ 0)
512 {
513 analyzed|=(1UL << MASK_TYPE_IP);
514 ppp_data->ncp.n_ip = ip;
515 }
516 break;
517 case TYPE_PDNS:
518 pdns = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
519 pdns = (pdns << 8);
520 pdns+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
521 pdns = (pdns << 8);
522 pdns+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
523 pdns = (pdns << 8);
524 pdns+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
525 if((analyzed & (1UL << MASK_TYPE_PDNS)) EQ 0)
526 {
527 analyzed|=(1UL << MASK_TYPE_PDNS);
528 ppp_data->ncp.n_pdns = pdns;
529 }
530 break;
531 case TYPE_SDNS:
532 sdns = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
533 sdns = (sdns << 8);
534 sdns+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
535 sdns = (sdns << 8);
536 sdns+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
537 sdns = (sdns << 8);
538 sdns+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
539 if((analyzed & (1UL << MASK_TYPE_SDNS)) EQ 0)
540 {
541 analyzed|=(1UL << MASK_TYPE_SDNS);
542 ppp_data->ncp.n_sdns = sdns;
543 }
544 break;
545 default:
546 /*
547 * not supported configuration options are not analysed
548 */
549 break;
550 }
551 pos+= type_len;
552 }
553 /*
554 * all configuration options analyzed
555 */
556 *ptr_hc = ppp_data->ncp.r_hc;
557 *ptr_msid = ppp_data->ncp.r_msid;
558 *ptr_result = TRUE;
559 } /* ncp_analyze_first_ipcp() */
560
561
562
563 /*
564 +------------------------------------------------------------------------------
565 | Function : ncp_fill_out_packet
566 +------------------------------------------------------------------------------
567 | Description : The function ncp_fill_out_packet() puts a IPCP packet into
568 | the protocol configuration list
569 |
570 | Parameters : pco_buf - pco list buffer
571 | ptr_pos - position where to write the IPCP packet, this value
572 | must get back to the calling funtion
573 |
574 +------------------------------------------------------------------------------
575 */
576 GLOBAL void ncp_fill_out_packet (UBYTE pco_buf[], USHORT* ptr_pos)
577 {
578 USHORT pos;
579 USHORT len_pos1, len_pos2;
580
581 TRACE_FUNCTION( "ncp_fill_out_packet" );
582
583 if((ppp_data->pco_mask & PPP_PCO_MASK_IPCP_HC) ||
584 (ppp_data->pco_mask & PPP_PCO_MASK_IPCP_IP) ||
585 (ppp_data->pco_mask & PPP_PCO_MASK_IPCP_PDNS) ||
586 (ppp_data->pco_mask & PPP_PCO_MASK_IPCP_SDNS))
587 {
588 pos=*ptr_pos;
589 /*
590 * create the Configure-Request packet
591 */
592 /*
593 * Protocol ID
594 */
595 pco_buf[pos] = PROTOCOL_IPCP_MSB;
596 pos++;
597 pco_buf[pos] = PROTOCOL_IPCP_LSB;
598 pos++;
599 /*
600 * Length of Protocol contents (store the position)
601 */
602 len_pos1 = pos;
603 pos++;
604 /*
605 * Code field
606 */
607 pco_buf[pos] = CODE_CONF_REQ;
608 pos++;
609 /*
610 * Identifier field (some value)
611 */
612 pco_buf[pos] = 1;
613 pos++;
614 /*
615 * Length field (store the position)
616 */
617 len_pos2 = pos;
618 pos++;
619 pos++;
620
621 if(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_HC)
622 {
623 /*
624 * Header Compression
625 */
626 if(ppp_data->ncp.r_hc EQ PPP_HC_VJ)
627 {
628 pco_buf[pos] = TYPE_HC;
629 pos++;
630 pco_buf[pos] = LENGTH_HC_VJ;
631 pos++;
632 pco_buf[pos] = PROTOCOL_VJ_MSB;
633 pos++;
634 pco_buf[pos] = PROTOCOL_VJ_LSB;
635 pos++;
636 pco_buf[pos] = ppp_data->ncp.r_msid;
637 pos++;
638 pco_buf[pos] = PPP_CSID_YES;
639 pos++;
640 }
641 }
642
643 if(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_IP)
644 {
645 /*
646 * IP Address
647 */
648 pco_buf[pos] = TYPE_IP;
649 pos++;
650 pco_buf[pos] = LENGTH_IP;
651 pos++;
652 pco_buf[pos] = (UBYTE)(ppp_data->ncp.n_ip >> 24);
653 pos++;
654 pco_buf[pos] = (UBYTE)((ppp_data->ncp.n_ip >> 16) & 0x000000ff);
655 pos++;
656 pco_buf[pos] = (UBYTE)((ppp_data->ncp.n_ip >> 8) & 0x000000ff);
657 pos++;
658 pco_buf[pos] = (UBYTE)(ppp_data->ncp.n_ip & 0x000000ff);
659 pos++;
660 }
661
662 if(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_PDNS)
663 {
664 /*
665 * primary DNS Address
666 */
667 pco_buf[pos] = TYPE_PDNS;
668 pos++;
669 pco_buf[pos] = LENGTH_PDNS;
670 pos++;
671 pco_buf[pos] = (UBYTE)(ppp_data->ncp.n_pdns >> 24);
672 pos++;
673 pco_buf[pos] = (UBYTE)((ppp_data->ncp.n_pdns >> 16) & 0x000000ff);
674 pos++;
675 pco_buf[pos] = (UBYTE)((ppp_data->ncp.n_pdns >> 8) & 0x000000ff);
676 pos++;
677 pco_buf[pos] = (UBYTE)(ppp_data->ncp.n_pdns & 0x000000ff);
678 pos++;
679 }
680
681 if(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_SDNS)
682 {
683 /*
684 * secondary DNS Address
685 */
686 pco_buf[pos] = TYPE_SDNS;
687 pos++;
688 pco_buf[pos] = LENGTH_SDNS;
689 pos++;
690 pco_buf[pos] = (UBYTE)(ppp_data->ncp.n_sdns >> 24);
691 pos++;
692 pco_buf[pos] = (UBYTE)((ppp_data->ncp.n_sdns >> 16) & 0x000000ff);
693 pos++;
694 pco_buf[pos] = (UBYTE)((ppp_data->ncp.n_sdns >> 8) & 0x000000ff);
695 pos++;
696 pco_buf[pos] = (UBYTE)(ppp_data->ncp.n_sdns & 0x000000ff);
697 pos++;
698 }
699
700 /*
701 * insert packet length
702 */
703 pco_buf[len_pos2] = 0;
704 len_pos2++;
705 pco_buf[len_pos2] = (UBYTE)(pos - len_pos2 + 3);
706 /*
707 * insert Length of Protocol Contents
708 */
709 pco_buf[len_pos1] = pco_buf[len_pos2];
710
711 /*
712 * return new position
713 */
714 *ptr_pos=pos;
715 }
716
717 if(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_GATEWAY)
718 {
719 pos=*ptr_pos;
720 /*
721 * create the Configure-NAK packet
722 */
723 /*
724 * Protocol ID
725 */
726 pco_buf[pos] = PROTOCOL_IPCP_MSB;
727 pos++;
728 pco_buf[pos] = PROTOCOL_IPCP_LSB;
729 pos++;
730 /*
731 * Length of Protocol contents (store the position)
732 */
733 len_pos1 = pos;
734 pos++;
735 /*
736 * Code field
737 */
738 pco_buf[pos] = CODE_CONF_NAK;
739 pos++;
740 /*
741 * Identifier field (some value)
742 */
743 pco_buf[pos] = 1;
744 pos++;
745 /*
746 * Length field (store the position)
747 */
748 len_pos2 = pos;
749 pos++;
750 pos++;
751
752 /*
753 * dynamic Gateway Address
754 */
755 pco_buf[pos] = TYPE_IP;
756 pos++;
757 pco_buf[pos] = LENGTH_IP;
758 pos++;
759 pco_buf[pos] = 0;
760 pos++;
761 pco_buf[pos] = 0;
762 pos++;
763 pco_buf[pos] = 0;
764 pos++;
765 pco_buf[pos] = 0;
766 pos++;
767
768 /*
769 * insert packet length
770 */
771 pco_buf[len_pos2] = 0;
772 len_pos2++;
773 pco_buf[len_pos2] = (UBYTE)(pos - len_pos2 + 3);
774 /*
775 * insert Length of Protocol Contents
776 */
777 pco_buf[len_pos1] = pco_buf[len_pos2];
778
779 /*
780 * return new position
781 */
782 *ptr_pos=pos;
783 }
784 } /* ncp_fill_out_packet() */
785
786
787
788 /*
789 +------------------------------------------------------------------------------
790 | Function : ncp_analyze_pco
791 +------------------------------------------------------------------------------
792 | Description : The function ncp_analyze_pco() analyzes the return packet from
793 | PDP activation and determines the primary and secondary DNS
794 | address and the Gateway address.
795 |
796 | Parameters : pco_buf - pointer to the protocol configuration options
797 | pos - position where the IPCP packet starts
798 | ptr_dns1 - returns primary DNS address
799 | ptr_dns2 - returns secondary DNS address
800 | ptr_gateway - returns Gateway address
801 |
802 +------------------------------------------------------------------------------
803 */
804 GLOBAL void ncp_analyze_pco (UBYTE pco_buf[],
805 USHORT pos,
806 ULONG* ptr_dns1,
807 ULONG* ptr_dns2,
808 ULONG* ptr_gateway)
809 {
810 USHORT packet_len;
811 USHORT start_pos;
812 UBYTE type_len;
813 USHORT analyzed;
814 ULONG pdns;
815 ULONG sdns;
816 ULONG gateway;
817
818 TRACE_FUNCTION( "ncp_analyze_pco" );
819
820 /*
821 * check for correct length field
822 */
823 pos+= 2;
824 packet_len = pco_buf[pos + 3];
825 packet_len <<= 8;
826 packet_len+= pco_buf[pos + 4];
827 if(packet_len NEQ pco_buf[pos])
828 return;
829 pos++;
830 /*
831 * check of code field
832 */
833 if((pco_buf[pos] NEQ CODE_CONF_REQ) &&
834 (pco_buf[pos] NEQ CODE_CONF_NAK) &&
835 (pco_buf[pos] NEQ CODE_CONF_ACK))
836 return;
837 /*
838 * analyze configuration options
839 */
840 start_pos = pos;
841 pos+= 4;
842 /*
843 * analyzed is a bit field and marks all already analyzed
844 * configuration options in order to determine configuration options
845 * which are listed more than once
846 */
847 analyzed=0;
848 while((pos - start_pos) < packet_len)
849 {
850 type_len=pco_buf[pos + 1];
851 switch(pco_buf[pos])
852 {
853 /*
854 * search for IP configuration option
855 */
856 case TYPE_IP:
857 gateway = pco_buf[pos + 2];
858 gateway = (gateway << 8);
859 gateway+= pco_buf[pos + 3];
860 gateway = (gateway << 8);
861 gateway+= pco_buf[pos + 4];
862 gateway = (gateway << 8);
863 gateway+= pco_buf[pos + 5];
864 if(((analyzed & (1UL << MASK_TYPE_IP)) EQ 0) &&
865 (*ptr_gateway EQ PPP_GATEWAY_DEFAULT) &&
866 (pco_buf[start_pos] EQ CODE_CONF_REQ))
867 {
868 analyzed|=(1UL << MASK_TYPE_IP);
869 *ptr_gateway = gateway;
870 }
871 break;
872
873 /*
874 * search for DNS configuration options
875 */
876 case TYPE_PDNS:
877 pdns = pco_buf[pos + 2];
878 pdns = (pdns << 8);
879 pdns+= pco_buf[pos + 3];
880 pdns = (pdns << 8);
881 pdns+= pco_buf[pos + 4];
882 pdns = (pdns << 8);
883 pdns+= pco_buf[pos + 5];
884 if(((analyzed & (1UL << MASK_TYPE_PDNS)) EQ 0) &&
885 (*ptr_dns1 EQ PPP_PDNS_DEFAULT) &&
886 ((pco_buf[start_pos] EQ CODE_CONF_NAK) ||
887 (pco_buf[start_pos] EQ CODE_CONF_ACK)))
888 {
889 analyzed|=(1UL << MASK_TYPE_PDNS);
890 *ptr_dns1 = pdns;
891 }
892 break;
893
894 case TYPE_SDNS:
895 sdns = pco_buf[pos + 2];
896 sdns = (sdns << 8);
897 sdns+= pco_buf[pos + 3];
898 sdns = (sdns << 8);
899 sdns+= pco_buf[pos + 4];
900 sdns = (sdns << 8);
901 sdns+= pco_buf[pos + 5];
902 if(((analyzed & (1UL << MASK_TYPE_SDNS)) EQ 0) &&
903 (*ptr_dns2 EQ PPP_SDNS_DEFAULT) &&
904 ((pco_buf[start_pos] EQ CODE_CONF_NAK) ||
905 (pco_buf[start_pos] EQ CODE_CONF_ACK)))
906 {
907 analyzed|=(1UL << MASK_TYPE_SDNS);
908 *ptr_dns2 = sdns;
909 }
910 break;
911 default:
912 /*
913 * other configuration options are not analysed
914 */
915 break;
916 }
917 pos+= type_len;
918 }
919 } /* ncp_analyze_pco() */
920
921
922
923 /*
924 +------------------------------------------------------------------------------
925 | Function : ncp_rcr
926 +------------------------------------------------------------------------------
927 | Description : The function ncp_rcr() analyzes the given
928 | Configure Request packet and returns either FORWARD_RCRP or
929 | FORWARD_RCRN depend on the result of the analysis.
930 | The packet pointer points to an appropriate response packet.
931 |
932 | Parameters : ptr_packet - pointer to a Configure Request packet
933 | forward - returns result of analysis
934 |
935 +------------------------------------------------------------------------------
936 */
937 GLOBAL void ncp_rcr (T_desc2** ptr_packet, UBYTE* isnew, UBYTE* forward)
938 {
939 T_desc2* packet;
940 USHORT packet_len;
941 UBYTE type_len;
942 USHORT pos;
943 USHORT copy_pos;
944 USHORT analyzed;
945 UBYTE code_ret;
946 UBYTE error_found;
947 USHORT protocol_hc;
948 UBYTE csid;
949 ULONG ip;
950 ULONG pdns;
951 ULONG sdns;
952
953 TRACE_FUNCTION( "ncp_rcr" );
954
955 /*
956 * check for correct length field
957 */
958 packet = *ptr_packet;
959 packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
960 packet_len <<= 8;
961 packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
962 if((packet_len > packet->len) || (packet_len < 4))
963 {
964 *forward=FORWARD_DISCARD;
965 return;
966 }
967 /*
968 * check consistence of length of packet and length of configuration options
969 */
970 pos=5;
971 while(pos < packet_len)
972 {
973 if(packet->buffer[pos] < 2)/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
974 {
975 *forward=FORWARD_DISCARD;
976 return;
977 }
978 pos += packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
979 }
980 if((pos - 1) NEQ packet_len)
981 {
982 *forward=FORWARD_DISCARD;
983 return;
984 }
985 /*
986 * check whether it is a new identifier
987 */
988 *isnew=TRUE;
989 if((ppp_data->ncp.rcr) && (ppp_data->ncp.lrcri EQ packet->buffer[1]))/*lint !e415 access of out-of-bounds pointer */
990 *isnew=FALSE;
991 ppp_data->ncp.lrcri=packet->buffer[1];/*lint !e415 access of out-of-bounds pointer */
992 ppp_data->ncp.rcr=TRUE;
993 /*
994 * analyze configuration options
995 */
996 ppp_data->ncp.r_hc = PPP_HC_DEFAULT;
997 ppp_data->ncp.r_msid = PPP_MSID_DEFAULT;
998 csid = 0;
999 if(ppp_data->mode EQ PPP_SERVER)
1000 {
1001 ppp_data->ncp.n_ip = PPP_IP_DEFAULT;
1002 ppp_data->ncp.n_pdns = PPP_PDNS_DEFAULT;
1003 ppp_data->ncp.n_sdns = PPP_SDNS_DEFAULT;
1004 }
1005 pos=4;
1006 /*
1007 * position where NAKed or Rejected configuration options are copied to
1008 */
1009 copy_pos=4;
1010 /*
1011 * code_ret contains actually the status of analysis
1012 * states are CODE_CONF_ACK, CODE_CONF_NAK and CODE_CONF_REJ
1013 * this state are also values for the Code-field in the return packet
1014 */
1015 code_ret=CODE_CONF_ACK;
1016 /*
1017 * analyzed is a bit field and marks all already analyzed
1018 * configuration options in order to reject all configuration options
1019 * which are listed more than once
1020 */
1021 analyzed=0;
1022 while(pos < packet_len)
1023 {
1024 type_len=packet->buffer[pos + 1];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1025 switch(packet->buffer[pos])/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1026 {
1027 /*
1028 * yet supported configuration options
1029 */
1030 case TYPE_HC: /* Header Compression */
1031 protocol_hc = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1032 protocol_hc <<= 8;
1033 protocol_hc+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1034 if(protocol_hc EQ DTI_PID_CTCP)
1035 {
1036 ppp_data->ncp.r_hc = PPP_HC_VJ;
1037 ppp_data->ncp.r_msid = packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1038 csid = packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1039 }
1040
1041 switch(code_ret)
1042 {
1043 case CODE_CONF_ACK:
1044 if(((analyzed & (1UL << MASK_TYPE_HC)) EQ 0) &&
1045 (ppp_data->ncp.r_hc EQ ppp_data->ncp.req_hc))
1046 {
1047 if((ppp_data->ncp.r_hc EQ PPP_HC_VJ) &&
1048 (type_len EQ LENGTH_HC_VJ))
1049 {
1050 if((ppp_data->mode EQ PPP_SERVER) &&
1051 (ppp_data->ncp.r_msid >= ppp_data->ncp.s_msid) &&
1052 (csid EQ PPP_CSID_YES) &&
1053 (ppp_data->ncp.s_hc EQ PPP_HC_VJ))
1054 {
1055 analyzed|=(1UL << MASK_TYPE_HC);
1056 pos+= LENGTH_HC_VJ;
1057 break;
1058 }
1059 /*
1060 * include here negotiation in client mode
1061 */
1062 }
1063 /*
1064 * include here additional header compression protocols
1065 */
1066 }
1067 code_ret=CODE_CONF_NAK;
1068 /* fall through */
1069 case CODE_CONF_NAK:
1070 /*
1071 * this configuration option will NAKed only if the compression
1072 * protocol is not Van Jacobson Header Compression
1073 */
1074 if(((analyzed & (1UL << MASK_TYPE_HC)) EQ 0) &&
1075 (ppp_data->ncp.req_hc NEQ PPP_HC_DEFAULT) &&
1076 (ppp_data->ncp.s_hc EQ PPP_HC_VJ) &&
1077 ((protocol_hc NEQ DTI_PID_CTCP) ||
1078 (type_len NEQ LENGTH_HC_VJ) ||
1079 ((ppp_data->ncp.r_msid >= ppp_data->ncp.s_msid) &&
1080 (csid EQ PPP_CSID_YES))))
1081 {
1082 analyzed|= (1UL << MASK_TYPE_HC);
1083
1084 error_found = FALSE;
1085 /*
1086 * this implementation is only for server mode
1087 */
1088 if(type_len < LENGTH_HC_VJ)
1089 {
1090 T_desc2* temp_desc;
1091
1092 /*
1093 * create a new larger packet and copy the content
1094 * of the old packet into the new
1095 */
1096 MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
1097 + packet_len
1098 + LENGTH_HC_VJ
1099 - type_len));
1100 temp_desc->next = packet->next;
1101 temp_desc->len = packet_len + LENGTH_HC_VJ - type_len;
1102 memcpy(temp_desc->buffer, packet->buffer, pos);/*lint !e669 !e670 possible data overrun*/
1103 memcpy(&temp_desc->buffer[pos + LENGTH_HC_VJ - type_len],
1104 &packet->buffer[pos],
1105 packet_len - pos);/*lint !e662 !e669 !e670 possible creation of out-of-bounds pointer*/
1106 arb_discard_packet(packet);
1107 packet_len+= (LENGTH_HC_VJ - type_len);
1108 pos += (LENGTH_HC_VJ - type_len);
1109 packet = temp_desc;
1110
1111 error_found = TRUE;
1112 }
1113 else if(ppp_data->ncp.r_hc NEQ PPP_HC_VJ)
1114 {
1115 error_found = TRUE;
1116 }
1117 else if(type_len > LENGTH_HC_VJ)
1118 {
1119 error_found = TRUE;
1120 }
1121 if(error_found EQ TRUE)
1122 {
1123 packet->buffer[copy_pos] = TYPE_HC;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1124 copy_pos++;
1125 packet->buffer[copy_pos] = LENGTH_HC_VJ;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1126 copy_pos++;
1127 packet->buffer[copy_pos] = PROTOCOL_VJ_MSB;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1128 copy_pos++;
1129 packet->buffer[copy_pos] = PROTOCOL_VJ_LSB;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1130 copy_pos++;
1131 packet->buffer[copy_pos] = ppp_data->ncp.req_msid;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1132 copy_pos++;
1133 packet->buffer[copy_pos] = PPP_CSID_YES;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1134 copy_pos++;
1135 }
1136 pos+= type_len;
1137 break;
1138 }
1139 code_ret = CODE_CONF_REJ;
1140 copy_pos = 4;
1141 /* fall through */
1142 case CODE_CONF_REJ:
1143 if(((analyzed & (1UL << MASK_TYPE_HC)) EQ 0) &&
1144 (ppp_data->ncp.req_hc NEQ PPP_HC_DEFAULT) &&
1145 (ppp_data->ncp.s_hc EQ PPP_HC_VJ) &&
1146 ((ppp_data->ncp.s_rejected & (1UL << MASK_TYPE_HC)) EQ 0) &&
1147 ((protocol_hc NEQ DTI_PID_CTCP) ||
1148 (type_len NEQ LENGTH_HC_VJ) ||
1149 ((ppp_data->ncp.r_msid >= ppp_data->ncp.s_msid) &&
1150 (csid EQ PPP_CSID_YES))))
1151 {
1152 analyzed|= (1UL << MASK_TYPE_HC);
1153 pos+= type_len;
1154 break;
1155 }
1156 /*
1157 * set s_hc to default because we reject this configuration option
1158 */
1159 ppp_data->ncp.s_hc = PPP_HC_DEFAULT;
1160 while(type_len > 0)
1161 {
1162 packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1163 copy_pos++;
1164 pos++;
1165 type_len--;
1166 }
1167 break;
1168 default:
1169 TRACE_ERROR("Packet return code invalid");
1170 break;
1171 }
1172 break;
1173 case TYPE_IP:
1174 ip = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1175 ip = (ip << 8);
1176 ip+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1177 ip = (ip << 8);
1178 ip+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1179 ip = (ip << 8);
1180 ip+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1181
1182 switch(code_ret)
1183 {
1184 case CODE_CONF_ACK:
1185 if(((analyzed & (1UL << MASK_TYPE_IP)) EQ 0) &&
1186 (type_len EQ LENGTH_IP))
1187 {
1188 if((ppp_data->mode EQ PPP_SERVER) &&
1189 (((ip EQ ppp_data->ncp.req_ip) &&
1190 (ppp_data->ncp.req_ip NEQ PPP_IP_DEFAULT)) ||
1191 ((ip NEQ PPP_IP_DEFAULT) &&
1192 (ppp_data->ncp.req_ip EQ PPP_IP_DEFAULT))))
1193 {
1194 analyzed|=(1UL << MASK_TYPE_IP);
1195 ppp_data->ncp.n_ip = ip;
1196 pos+=LENGTH_IP;
1197 break;
1198 }
1199 else if((ppp_data->mode EQ PPP_CLIENT) &&
1200 (ip NEQ PPP_IP_DEFAULT))
1201 {
1202 /*
1203 * accept Gateway address
1204 */
1205 analyzed|=(1UL << MASK_TYPE_IP);
1206 ppp_data->ncp.n_gateway = ip;
1207 pos+=LENGTH_IP;
1208 break;
1209 }
1210 }
1211 code_ret=CODE_CONF_NAK;
1212 /* fall through */
1213 case CODE_CONF_NAK:
1214 /*
1215 * this option will be rejected in following cases:
1216 * - occurence more than once
1217 * - in client mode if received IP is dynamic
1218 * - in server mode if received and requested IP are dynamic
1219 */
1220 if(((analyzed & (1UL << MASK_TYPE_IP)) EQ 0) &&
1221 (((ppp_data->mode EQ PPP_SERVER) &&
1222 ((ip NEQ ppp_data->ncp.req_ip) ||
1223 (ppp_data->ncp.req_ip NEQ PPP_IP_DEFAULT))) ||
1224 ((ppp_data->mode EQ PPP_CLIENT) &&
1225 (ip NEQ PPP_IP_DEFAULT))))
1226 {
1227 analyzed|=(1UL << MASK_TYPE_IP);
1228
1229 error_found=FALSE;
1230 if(type_len < LENGTH_IP)
1231 {
1232 T_desc2* temp_desc;
1233
1234 /*
1235 * create a new larger packet and copy the content
1236 * of the old packet into the new
1237 */
1238 MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
1239 + packet_len
1240 + LENGTH_IP
1241 - type_len));
1242 temp_desc->next = packet->next;
1243 temp_desc->len = packet_len + LENGTH_IP - type_len;
1244 memcpy(temp_desc->buffer, packet->buffer, pos);/*lint !e669 !e670 Possible data overrun*/
1245 memcpy(&temp_desc->buffer[pos + LENGTH_IP - type_len],
1246 &packet->buffer[pos],
1247 packet_len - pos);/*lint !e662 !e669 !e670 possible creation of out-of-bounds pointer*/
1248 arb_discard_packet(packet);
1249 packet_len += (LENGTH_IP - type_len);
1250 pos += (LENGTH_IP - type_len);
1251 packet = temp_desc;
1252 error_found = TRUE;
1253 }
1254 else if((ip NEQ ppp_data->ncp.req_ip) &&
1255 (ppp_data->ncp.req_ip NEQ PPP_IP_DEFAULT) &&
1256 (ppp_data->mode EQ PPP_SERVER))
1257 {
1258 error_found=TRUE;
1259 }
1260 else if(type_len > LENGTH_IP)
1261 {
1262 error_found=TRUE;
1263 }
1264 if(error_found EQ TRUE)
1265 {
1266 packet->buffer[copy_pos]=TYPE_IP;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1267 copy_pos++;
1268 packet->buffer[copy_pos]=LENGTH_IP;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1269 copy_pos++;
1270 packet->buffer[copy_pos]=(UBYTE)(ppp_data->ncp.req_ip >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1271 copy_pos++;
1272 packet->buffer[copy_pos]=(UBYTE)((ppp_data->ncp.req_ip >> 16)
1273 & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1274 copy_pos++;
1275 packet->buffer[copy_pos]=(UBYTE)((ppp_data->ncp.req_ip >> 8)
1276 & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1277 copy_pos++;
1278 packet->buffer[copy_pos]=(UBYTE)(ppp_data->ncp.req_ip
1279 & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1280 copy_pos++;
1281 }
1282 pos+= type_len;
1283 break;
1284 }
1285 code_ret = CODE_CONF_REJ;
1286 copy_pos = 4;
1287 /* fall through */
1288 case CODE_CONF_REJ:
1289 if(((analyzed & (1UL << MASK_TYPE_IP)) EQ 0) &&
1290 (((ppp_data->mode EQ PPP_SERVER) &&
1291 ((ip NEQ ppp_data->ncp.req_ip) ||
1292 (ppp_data->ncp.req_ip NEQ PPP_IP_DEFAULT))) ||
1293 ((ppp_data->mode EQ PPP_CLIENT) &&
1294 (ip NEQ PPP_IP_DEFAULT))))
1295 {
1296 analyzed|=(1UL << MASK_TYPE_IP);
1297 pos+=type_len;
1298 break;
1299 }
1300 while(type_len > 0)
1301 {
1302 packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1303 copy_pos++;
1304 pos++;
1305 type_len--;
1306 }
1307 break;
1308 default:
1309 TRACE_ERROR("Packet return code invalid");
1310 break;
1311 }
1312 break;
1313 case TYPE_PDNS: /* only in server mode allowed */
1314 pdns = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1315 pdns = (pdns << 8);
1316 pdns+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1317 pdns = (pdns << 8);
1318 pdns+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1319 pdns = (pdns << 8);
1320 pdns+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1321
1322 switch(code_ret)
1323 {
1324 case CODE_CONF_ACK:
1325 if(((analyzed & (1UL << MASK_TYPE_PDNS)) EQ 0) &&
1326 (ppp_data->mode EQ PPP_SERVER) &&
1327 (type_len EQ LENGTH_PDNS) &&
1328 (((pdns EQ ppp_data->ncp.req_pdns) &&
1329 (ppp_data->ncp.req_pdns NEQ PPP_PDNS_DEFAULT)) ||
1330 ((pdns NEQ PPP_PDNS_DEFAULT) &&
1331 (ppp_data->ncp.req_pdns EQ PPP_PDNS_DEFAULT))))
1332 {
1333 analyzed|=(1UL << MASK_TYPE_PDNS);
1334 ppp_data->ncp.n_pdns = pdns;
1335 pos+= LENGTH_PDNS;
1336 break;
1337 }
1338 code_ret=CODE_CONF_NAK;
1339 /* fall through */
1340 case CODE_CONF_NAK:
1341 /*
1342 * this option will be rejected in following cases:
1343 * - occurence more than once
1344 * - client mode
1345 * - received and requested PDNS are dynamic
1346 */
1347 if(((analyzed & (1UL << MASK_TYPE_PDNS)) EQ 0) &&
1348 (ppp_data->mode EQ PPP_SERVER) &&
1349 ((pdns NEQ ppp_data->ncp.req_pdns) ||
1350 (ppp_data->ncp.req_pdns NEQ PPP_PDNS_DEFAULT)))
1351 {
1352 analyzed|=(1UL << MASK_TYPE_PDNS);
1353
1354 error_found=FALSE;
1355 if(type_len < LENGTH_PDNS)
1356 {
1357 T_desc2* temp_desc;
1358
1359 /*
1360 * create a new larger packet and copy the content
1361 * of the old packet into the new
1362 */
1363 MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
1364 + packet_len
1365 + LENGTH_PDNS
1366 - type_len));
1367 temp_desc->next = packet->next;
1368 temp_desc->len = packet_len + LENGTH_PDNS - type_len;
1369 memcpy(temp_desc->buffer, packet->buffer, pos);/*lint !e669 !e670 Possible data overrun*/
1370 memcpy(&temp_desc->buffer[pos + LENGTH_PDNS - type_len],
1371 &packet->buffer[pos],
1372 packet_len - pos);/*lint !e662 !e669 !e670 possible creation of out-of-bounds pointer*/
1373 arb_discard_packet(packet);
1374 packet_len += (LENGTH_PDNS - type_len);
1375 pos += (LENGTH_PDNS - type_len);
1376 packet = temp_desc;
1377 error_found = TRUE;
1378 }
1379 else if((pdns NEQ ppp_data->ncp.req_pdns) &&
1380 (ppp_data->ncp.req_pdns NEQ PPP_PDNS_DEFAULT))
1381 {
1382 error_found=TRUE;
1383 }
1384 else if(type_len > LENGTH_PDNS)
1385 {
1386 error_found=TRUE;
1387 }
1388 if(error_found EQ TRUE)
1389 {
1390 packet->buffer[copy_pos]=TYPE_PDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1391 copy_pos++;
1392 packet->buffer[copy_pos]=LENGTH_PDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1393 copy_pos++;
1394 packet->buffer[copy_pos]=(UBYTE)(ppp_data->ncp.req_pdns >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1395 copy_pos++;
1396 packet->buffer[copy_pos]=(UBYTE)((ppp_data->ncp.req_pdns >> 16)
1397 & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1398 copy_pos++;
1399 packet->buffer[copy_pos]=(UBYTE)((ppp_data->ncp.req_pdns >> 8)
1400 & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1401 copy_pos++;
1402 packet->buffer[copy_pos]=(UBYTE)(ppp_data->ncp.req_pdns
1403 & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1404 copy_pos++;
1405 }
1406 pos+= type_len;
1407 break;
1408 }
1409 code_ret = CODE_CONF_REJ;
1410 copy_pos = 4;
1411 /* fall through */
1412 case CODE_CONF_REJ:
1413 if(((analyzed & (1UL << MASK_TYPE_PDNS)) EQ 0) &&
1414 (ppp_data->mode EQ PPP_SERVER) &&
1415 ((pdns NEQ ppp_data->ncp.req_pdns) ||
1416 (ppp_data->ncp.req_pdns NEQ PPP_PDNS_DEFAULT)))
1417 {
1418 analyzed|=(1UL << MASK_TYPE_PDNS);
1419 pos+=type_len;
1420 break;
1421 }
1422 while(type_len > 0)
1423 {
1424 packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1425 copy_pos++;
1426 pos++;
1427 type_len--;
1428 }
1429 break;
1430 default:
1431 TRACE_ERROR("Packet return code invalid");
1432 break;
1433 }
1434 break;
1435 case TYPE_SDNS: /* only in server mode allowed */
1436 sdns = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1437 sdns = (sdns << 8);
1438 sdns+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1439 sdns = (sdns << 8);
1440 sdns+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1441 sdns = (sdns << 8);
1442 sdns+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1443
1444 switch(code_ret)
1445 {
1446 case CODE_CONF_ACK:
1447 if(((analyzed & (1UL << MASK_TYPE_SDNS)) EQ 0) &&
1448 (ppp_data->mode EQ PPP_SERVER) &&
1449 (type_len EQ LENGTH_SDNS) &&
1450 (((sdns EQ ppp_data->ncp.req_sdns) &&
1451 (ppp_data->ncp.req_sdns NEQ PPP_SDNS_DEFAULT)) ||
1452 ((sdns NEQ PPP_SDNS_DEFAULT) &&
1453 (ppp_data->ncp.req_sdns EQ PPP_SDNS_DEFAULT))))
1454 {
1455 analyzed|=(1UL << MASK_TYPE_SDNS);
1456 ppp_data->ncp.n_sdns = sdns;
1457 pos+= LENGTH_SDNS;
1458 break;
1459 }
1460 code_ret=CODE_CONF_NAK;
1461 /* fall through */
1462 case CODE_CONF_NAK:
1463 /*
1464 * this option will be rejected in following cases:
1465 * - occurence more than once
1466 * - client mode
1467 * - received and requested SDNS are dynamic
1468 */
1469 if(((analyzed & (1UL << MASK_TYPE_SDNS)) EQ 0) &&
1470 (ppp_data->mode EQ PPP_SERVER) &&
1471 ((sdns NEQ ppp_data->ncp.req_sdns) ||
1472 (ppp_data->ncp.req_sdns NEQ PPP_SDNS_DEFAULT)))
1473 {
1474 analyzed|=(1UL << MASK_TYPE_SDNS);
1475
1476 error_found=FALSE;
1477 if(type_len < LENGTH_SDNS)
1478 {
1479 T_desc2* temp_desc;
1480
1481 /*
1482 * create a new larger packet and copy the content
1483 * of the old packet into the new
1484 */
1485 MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
1486 + packet_len
1487 + LENGTH_SDNS
1488 - type_len));
1489 temp_desc->next = packet->next;
1490 temp_desc->len = packet_len + LENGTH_SDNS - type_len;
1491 memcpy(temp_desc->buffer, packet->buffer, pos);/*lint !e669 !e670 Possible data overrun*/
1492 memcpy(&temp_desc->buffer[pos + LENGTH_SDNS - type_len],
1493 &packet->buffer[pos],
1494 packet_len - pos);/*lint !e662 !e669 !e670 possible creation of out-of-bounds pointer*/
1495 arb_discard_packet(packet);
1496 packet_len += (LENGTH_SDNS - type_len);
1497 pos += (LENGTH_SDNS - type_len);
1498 packet = temp_desc;
1499 error_found = TRUE;
1500 }
1501 else if((sdns NEQ ppp_data->ncp.req_sdns) &&
1502 (ppp_data->ncp.req_sdns NEQ PPP_SDNS_DEFAULT))
1503 {
1504 error_found=TRUE;
1505 }
1506 else if(type_len > LENGTH_SDNS)
1507 {
1508 error_found=TRUE;
1509 }
1510 if(error_found EQ TRUE)
1511 {
1512 packet->buffer[copy_pos]=TYPE_SDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1513 copy_pos++;
1514 packet->buffer[copy_pos]=LENGTH_SDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1515 copy_pos++;
1516 packet->buffer[copy_pos]=(UBYTE)(ppp_data->ncp.req_sdns >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1517 copy_pos++;
1518 packet->buffer[copy_pos]=(UBYTE)((ppp_data->ncp.req_sdns >> 16)
1519 & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1520 copy_pos++;
1521 packet->buffer[copy_pos]=(UBYTE)((ppp_data->ncp.req_sdns >> 8)
1522 & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1523 copy_pos++;
1524 packet->buffer[copy_pos]=(UBYTE)(ppp_data->ncp.req_sdns
1525 & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1526 copy_pos++;
1527 }
1528 pos+= type_len;
1529 break;
1530 }
1531 code_ret = CODE_CONF_REJ;
1532 copy_pos = 4;
1533 /* fall through */
1534 case CODE_CONF_REJ:
1535 if(((analyzed & (1UL << MASK_TYPE_SDNS)) EQ 0) &&
1536 (ppp_data->mode EQ PPP_SERVER) &&
1537 ((sdns NEQ ppp_data->ncp.req_sdns) ||
1538 (ppp_data->ncp.req_sdns NEQ PPP_SDNS_DEFAULT)))
1539 {
1540 analyzed|=(1UL << MASK_TYPE_SDNS);
1541 pos+=type_len;
1542 break;
1543 }
1544 while(type_len > 0)
1545 {
1546 packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1547 copy_pos++;
1548 pos++;
1549 type_len--;
1550 }
1551 break;
1552 default:
1553 TRACE_ERROR("Packet return code invalid");
1554 break;
1555 }
1556 break;
1557 default:
1558 switch(code_ret)
1559 {
1560 case CODE_CONF_ACK:
1561 case CODE_CONF_NAK:
1562 code_ret=CODE_CONF_REJ;
1563 copy_pos=4;
1564 /* fall through */
1565 default:
1566 while(type_len > 0)
1567 {
1568 packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1569 copy_pos++;
1570 pos++;
1571 type_len--;
1572 }
1573 break;
1574 }
1575 }
1576 }
1577 if(((analyzed & (1UL << MASK_TYPE_HC)) EQ 0) &&
1578 (ppp_data->ncp.s_hc EQ PPP_HC_VJ) &&
1579 (ppp_data->ncp.req_hc EQ PPP_HC_VJ) &&
1580 (code_ret NEQ CODE_CONF_REJ))
1581 {
1582 T_desc2* temp_desc;
1583 /*
1584 * add header compression to the configure Nak packet
1585 */
1586 code_ret = CODE_CONF_NAK;
1587 /*
1588 * create a new larger packet and copy the content
1589 * of the old packet into the new
1590 */
1591 MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
1592 + packet_len
1593 + LENGTH_HC_VJ));
1594 temp_desc->next = packet->next;
1595 temp_desc->len = packet_len + LENGTH_HC_VJ;
1596 memcpy(temp_desc->buffer, packet->buffer, copy_pos);/*lint !e669 !e670 Possible data overrun*/
1597 arb_discard_packet(packet);
1598 packet_len+= LENGTH_HC_VJ;
1599 packet = temp_desc;
1600 /*
1601 * insert header compression option
1602 */
1603 packet->buffer[copy_pos] = TYPE_HC;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1604 copy_pos++;
1605 packet->buffer[copy_pos] = LENGTH_HC_VJ;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1606 copy_pos++;
1607 packet->buffer[copy_pos] = PROTOCOL_VJ_MSB;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1608 copy_pos++;
1609 packet->buffer[copy_pos] = PROTOCOL_VJ_LSB;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1610 copy_pos++;
1611 packet->buffer[copy_pos] = ppp_data->ncp.req_msid;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1612 copy_pos++;
1613 packet->buffer[copy_pos] = PPP_CSID_YES;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1614 copy_pos++;
1615 }
1616 /*
1617 * set new Code field in return packet
1618 */
1619 packet->buffer[0]=code_ret;
1620 *ptr_packet=packet;
1621
1622 if(copy_pos > 4)
1623 {
1624 /*
1625 * some configuration options are not acceptable
1626 */
1627 *forward=FORWARD_RCRN;
1628 /*
1629 * set new Length field
1630 */
1631 packet->len=copy_pos;
1632 packet->buffer[2]=(UBYTE)(copy_pos >> 8);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
1633 packet->buffer[3]=(UBYTE)(copy_pos & 0x00ff);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
1634 return;
1635 }
1636 /*
1637 * all configuration options are acceptable
1638 */
1639 *forward=FORWARD_RCRP;
1640 } /* ncp_rcr() */
1641
1642
1643
1644 /*
1645 +------------------------------------------------------------------------------
1646 | Function : ncp_rca
1647 +------------------------------------------------------------------------------
1648 | Description : The function ncp_rca() checks whether the given
1649 | Configure Ack packet is valid and if so it returns
1650 | FORWARD_RCA. Otherwise it returns FORWARD_DISCARD.
1651 |
1652 | Parameters : packet - Configure Ack packet
1653 | forward - returns result of analysis
1654 |
1655 +------------------------------------------------------------------------------
1656 */
1657 GLOBAL void ncp_rca (T_desc2* packet, UBYTE* forward)
1658 {
1659 USHORT packet_len;
1660
1661 TRACE_FUNCTION( "ncp_rca" );
1662
1663 packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
1664 packet_len <<= 8;
1665 packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
1666 if((packet_len < 4) ||
1667 (packet_len > packet->len) ||
1668 (ppp_data->ncp.scr EQ FALSE) ||
1669 (packet->buffer[1] NEQ ppp_data->ncp.nscri))/*lint !e415 access of out-of-bounds pointer */
1670 {
1671 /*
1672 * invalid packet
1673 */
1674 *forward=FORWARD_DISCARD;
1675 return;
1676 }
1677 /*
1678 * acceptable packet
1679 */
1680 arb_discard_packet(packet);
1681 ppp_data->ncp.nscri++;
1682 *forward=FORWARD_RCA;
1683 } /* ncp_rca() */
1684
1685
1686
1687 /*
1688 +------------------------------------------------------------------------------
1689 | Function : ncp_rcn
1690 +------------------------------------------------------------------------------
1691 | Description : The function ncp_rcn() analyze the given
1692 | Configure Nak packet, changes some requested values and returns
1693 | FORWARD_RCN
1694 | The packet pointer points to an appropriate response packet.
1695 |
1696 | Parameters : ptr_packet - Configure Nak packet
1697 | forward - returns result of analysis
1698 |
1699 +------------------------------------------------------------------------------
1700 */
1701 GLOBAL void ncp_rcn (T_desc2** ptr_packet, UBYTE* forward)
1702 {
1703 T_desc2* packet;
1704 USHORT packet_len;
1705 UBYTE type_len;
1706 USHORT pos;
1707 USHORT protocol_hc;
1708 ULONG ip;
1709 ULONG pdns;
1710 ULONG sdns;
1711
1712 TRACE_FUNCTION( "ncp_rcn" );
1713
1714 /*
1715 * check for correct length field
1716 */
1717 packet = *ptr_packet;
1718 packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
1719 packet_len <<= 8;
1720 packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
1721 if((packet_len > packet->len) ||
1722 (packet_len < 4) ||
1723 (ppp_data->ncp.scr EQ FALSE) ||
1724 (packet->buffer[1] NEQ ppp_data->ncp.nscri))/*lint !e415 access of out-of-bounds pointer */
1725 {
1726 /*
1727 * invalid packet
1728 */
1729 *forward=FORWARD_DISCARD;
1730 return;
1731 }
1732 /*
1733 * check consistence of length of packet and length of configuration options
1734 */
1735 pos=5;
1736 while(pos < packet_len)
1737 {
1738 if(packet->buffer[pos] < 2)/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1739 {
1740 *forward=FORWARD_DISCARD;
1741 return;
1742 }
1743 pos+= packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1744 }
1745 if((pos - 1) NEQ packet_len)
1746 {
1747 *forward=FORWARD_DISCARD;
1748 return;
1749 }
1750 /*
1751 * analyze configuration options
1752 */
1753 pos=4;
1754 while(pos < packet_len)
1755 {
1756 type_len=packet->buffer[pos + 1];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1757 switch(packet->buffer[pos])/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1758 {
1759 /*
1760 * yet supported configuration options
1761 */
1762 case TYPE_HC:
1763 protocol_hc = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1764 protocol_hc <<= 8;
1765 protocol_hc+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1766 if((protocol_hc EQ DTI_PID_CTCP) &&
1767 (ppp_data->ncp.req_hc EQ PPP_HC_VJ) &&
1768 (type_len EQ LENGTH_HC_VJ))
1769 {
1770 ppp_data->ncp.s_rejected &= ~(1UL << MASK_TYPE_HC);
1771 ppp_data->ncp.s_hc = PPP_HC_VJ;
1772 ppp_data->ncp.s_msid = ppp_data->ncp.req_msid;
1773 }
1774 break;
1775 case TYPE_IP:
1776 ip = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1777 ip = ip << 8;
1778 ip+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1779 ip = ip << 8;
1780 ip+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1781 ip = ip << 8;
1782 ip+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1783
1784 if(type_len EQ LENGTH_IP)
1785 {
1786 ppp_data->ncp.s_rejected &= ~(1UL << MASK_TYPE_IP);
1787 if(ppp_data->mode EQ PPP_CLIENT)
1788 ppp_data->ncp.n_ip = ip;
1789 else if(ppp_data->ncp.req_gateway EQ PPP_GATEWAY_DEFAULT)
1790 ppp_data->ncp.n_gateway = ip;
1791 }
1792 break;
1793 case TYPE_PDNS:
1794 pdns = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1795 pdns = pdns << 8;
1796 pdns+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1797 pdns = pdns << 8;
1798 pdns+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1799 pdns = pdns << 8;
1800 pdns+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1801
1802 if((type_len EQ LENGTH_PDNS) &&
1803 (ppp_data->mode EQ PPP_CLIENT))
1804 {
1805 ppp_data->ncp.s_rejected &= ~(1UL << MASK_TYPE_PDNS);
1806 ppp_data->ncp.n_pdns = pdns;
1807 }
1808 break;
1809 case TYPE_SDNS:
1810 sdns = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1811 sdns = sdns << 8;
1812 sdns+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1813 sdns = sdns << 8;
1814 sdns+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1815 sdns = sdns << 8;
1816 sdns+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1817
1818 if((type_len EQ LENGTH_SDNS) &&
1819 (ppp_data->mode EQ PPP_CLIENT))
1820 {
1821 ppp_data->ncp.s_rejected &= ~(1UL << MASK_TYPE_SDNS);
1822 ppp_data->ncp.n_sdns = sdns;
1823 }
1824 break;
1825 default:
1826 /*
1827 * ignore unknown configuration options
1828 */
1829 break;
1830 }
1831 pos+= type_len;
1832 }
1833 /*
1834 * free this packet and create a new with changed configuration options
1835 */
1836 arb_discard_packet(packet);
1837 *forward=FORWARD_RCN;
1838 ppp_data->ncp.nscri++;
1839 ncp_get_scr(&packet);
1840 *ptr_packet=packet;
1841 } /* ncp_rcn() */
1842
1843
1844
1845 /*
1846 +------------------------------------------------------------------------------
1847 | Function : ncp_rcj
1848 +------------------------------------------------------------------------------
1849 | Description : The function ncp_rcj() analyze the given
1850 | Configure Reject packet, marks some values as rejected and
1851 | returns FORWARD_RCJ
1852 | The packet pointer points to an appropriate response packet.
1853 |
1854 | Parameters : ptr_packet - pointer to a Configure Reject packet
1855 | forward - returns result of analysis
1856 |
1857 +------------------------------------------------------------------------------
1858 */
1859 GLOBAL void ncp_rcj (T_desc2** ptr_packet, UBYTE* forward)
1860 {
1861 T_desc2* packet;
1862 USHORT packet_len;
1863 UBYTE type_len;
1864 USHORT pos;
1865
1866 TRACE_FUNCTION( "ncp_rcj" );
1867
1868 /*
1869 * check for correct length field
1870 */
1871 packet = *ptr_packet;
1872 packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
1873 packet_len <<= 8;
1874 packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
1875 if((packet_len > packet->len) ||
1876 (packet_len < 4) ||
1877 (ppp_data->ncp.scr EQ FALSE) ||
1878 (packet->buffer[1] NEQ ppp_data->ncp.nscri))/*lint !e415 access of out-of-bounds pointer */
1879 {
1880 /*
1881 * invalid packet
1882 */
1883 *forward=FORWARD_DISCARD;
1884 return;
1885 }
1886 /*
1887 * check consistence of length of packet and length of configuration options
1888 */
1889 pos=5;
1890 while(pos < packet_len)
1891 {
1892 if(packet->buffer[pos] < 2)/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1893 {
1894 *forward=FORWARD_DISCARD;
1895 return;
1896 }
1897 pos+= packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1898 }
1899 if((pos - 1) NEQ packet_len)
1900 {
1901 *forward=FORWARD_DISCARD;
1902 return;
1903 }
1904 /*
1905 * analyze configuration options
1906 */
1907 pos=4;
1908 while(pos < packet_len)
1909 {
1910 type_len=packet->buffer[pos + 1];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1911 switch(packet->buffer[pos])/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
1912 {
1913 /*
1914 * yet supported configuration options
1915 */
1916 case TYPE_HC:
1917 ppp_data->ncp.s_rejected|= (1UL << MASK_TYPE_HC);
1918 ppp_data->ncp.s_hc = PPP_HC_DEFAULT;
1919 break;
1920 case TYPE_IP:
1921 if (ppp_data->mode EQ PPP_CLIENT)
1922 { /* error: server has to support valid IP address */
1923 *forward=FORWARD_DISCARD;
1924 return;
1925 }
1926 ppp_data->ncp.s_rejected |= (1UL << MASK_TYPE_IP);
1927 break;
1928 case TYPE_PDNS:
1929 ppp_data->ncp.s_rejected |= (1UL << MASK_TYPE_PDNS);
1930 break;
1931 case TYPE_SDNS:
1932 ppp_data->ncp.s_rejected |= (1UL << MASK_TYPE_SDNS);
1933 break;
1934 default:
1935 /*
1936 * ignore unknown configuration options
1937 */
1938 break;
1939 }
1940 pos+= type_len;
1941 }
1942 /*
1943 * free this packet and create a new with changed configuration options
1944 */
1945 arb_discard_packet(packet);
1946 *forward=FORWARD_RCN;
1947 ppp_data->ncp.nscri++;
1948 ncp_get_scr(&packet);
1949 *ptr_packet=packet;
1950 } /* ncp_rcj() */
1951
1952
1953
1954 /*
1955 +------------------------------------------------------------------------------
1956 | Function : ncp_rtr
1957 +------------------------------------------------------------------------------
1958 | Description : The function ncp_rtr() checks whether the given
1959 | Terminate Request packet is valid and if so it returns
1960 | FORWARD_RCA. Otherwise it returns FORWARD_DISCARD.
1961 |
1962 | Parameters : ptr_packet - pointer to a Terminate Request packet
1963 | forward - returns result of analysis
1964 |
1965 +------------------------------------------------------------------------------
1966 */
1967 GLOBAL void ncp_rtr (T_desc2** ptr_packet, UBYTE* forward)
1968 {
1969 T_desc2* packet;
1970 USHORT packet_len;
1971
1972 TRACE_FUNCTION( "ncp_rtr" );
1973
1974 /*
1975 * check for correct length field
1976 */
1977 packet = *ptr_packet;
1978 packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
1979 packet_len <<= 8;
1980 packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
1981 if((packet_len < 4) || (packet_len > packet->len))
1982 {
1983 *forward=FORWARD_DISCARD;
1984 return;
1985 }
1986
1987 /*
1988 * change code field
1989 */
1990 packet->buffer[0]=CODE_TERM_ACK;
1991
1992 *forward=FORWARD_RTR;
1993 } /* ncp_rtr() */
1994
1995
1996
1997 /*
1998 +------------------------------------------------------------------------------
1999 | Function : ncp_rta
2000 +------------------------------------------------------------------------------
2001 | Description : The function ncp_rta() checks whether the given
2002 | Terminate Ack packet is valid and if so it returns
2003 | FORWARD_RTA. Otherwise it returns FORWARD_DISCARD.
2004 |
2005 | Parameters : packet - Terminate Ack packet
2006 | forward - returns result of analysis
2007 |
2008 +------------------------------------------------------------------------------
2009 */
2010 GLOBAL void ncp_rta (T_desc2* packet, UBYTE* forward)
2011 {
2012 USHORT packet_len;
2013
2014 TRACE_FUNCTION( "ncp_rta" );
2015
2016 /*
2017 * check for correct length field
2018 */
2019 packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
2020 packet_len <<= 8;
2021 packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
2022 if((packet_len < 4) || (packet_len > packet->len))
2023 {
2024 *forward=FORWARD_DISCARD;
2025 return;
2026 }
2027
2028 if((ppp_data->ncp.str EQ TRUE) &&
2029 (packet->buffer[1] NEQ ppp_data->ncp.nstri))/*lint !e415 access of out-of-bounds pointer */
2030 {
2031 /*
2032 * invalid packet
2033 */
2034 *forward=FORWARD_DISCARD;
2035 return;
2036 }
2037 /*
2038 * acceptable packet
2039 */
2040 arb_discard_packet(packet);
2041 ppp_data->ncp.nstri++;
2042 *forward=FORWARD_RTA;
2043 } /* ncp_rta() */
2044
2045
2046
2047 /*
2048 +------------------------------------------------------------------------------
2049 | Function : ncp_rxj
2050 +------------------------------------------------------------------------------
2051 | Description : The function ncp_rxj() analyzes whether the given Code Reject
2052 | is acceptable. If not it returns FORWARD_RXJN.
2053 |
2054 | Parameters : ptr_packet - Pointer to a Code Reject packet
2055 | forward - returns result of analysis
2056 |
2057 +------------------------------------------------------------------------------
2058 */
2059 GLOBAL void ncp_rxj (T_desc2** ptr_packet, UBYTE* forward)
2060 {
2061 USHORT packet_len;
2062 T_desc2* packet;
2063
2064 TRACE_FUNCTION( "ncp_rxj" );
2065
2066 /*
2067 * check for correct length field
2068 */
2069 packet = *ptr_packet;
2070 packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
2071 packet_len <<= 8;
2072 packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
2073 if((packet_len < 5) || (packet_len > packet->len))
2074 {
2075 *forward=FORWARD_DISCARD;
2076 return;
2077 }
2078
2079 switch(packet->buffer[4])/*lint !e415 !e416 creation and access of out-of-bounds pointer */
2080 {
2081 case CODE_CONF_REQ:
2082 case CODE_CONF_REJ:
2083 case CODE_CONF_NAK:
2084 case CODE_CONF_ACK:
2085 case CODE_TERM_REQ:
2086 case CODE_TERM_ACK:
2087 case CODE_CODE_REJ:
2088 arb_discard_packet(packet);
2089 ncp_get_str(&packet);
2090 *ptr_packet = packet;
2091 *forward = FORWARD_RXJN;
2092 break;
2093 default:
2094 *forward=FORWARD_DISCARD;
2095 break;
2096 }
2097 } /* ncp_rxj() */
2098
2099
2100
2101 /*
2102 +------------------------------------------------------------------------------
2103 | Function : ncp_ruc
2104 +------------------------------------------------------------------------------
2105 | Description : The function ncp_ruc() creates a Code Reject packet and returns
2106 | FORWARD_RUC.
2107 |
2108 | Parameters : ptr_packet - packet with unknown code
2109 | forward - returns result of analysis
2110 |
2111 +------------------------------------------------------------------------------
2112 */
2113 GLOBAL void ncp_ruc (T_desc2** ptr_packet, UBYTE* forward)
2114 {
2115 T_desc2* packet;
2116 T_desc2* temp_desc;
2117 USHORT packet_len;
2118
2119 TRACE_FUNCTION( "ncp_ruc" );
2120
2121 /*
2122 * check for correct length field
2123 */
2124 packet = *ptr_packet;
2125 packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
2126 packet_len <<= 8;
2127 packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
2128 if((packet->len < packet_len) || (packet_len < 4))
2129 {
2130 *forward=FORWARD_DISCARD;
2131 return;
2132 }
2133
2134 /*
2135 * create a new larger packet and copy the content
2136 * of the old packet into the new
2137 */
2138 packet_len+=4;
2139 if(packet_len > PPP_MRU_MIN)
2140 packet_len = PPP_MRU_MIN;
2141 MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1 + packet_len));
2142
2143 temp_desc->next = packet->next;
2144 temp_desc->len = packet_len;
2145 memcpy(&temp_desc->buffer[4], packet->buffer, packet_len - 4);/*lint !e416 !e669 !e670 creation of out-of-bounds pointer */
2146 arb_discard_packet(packet);
2147 packet = temp_desc;
2148
2149 /*
2150 * fill the first bytes to create a Code Reject
2151 */
2152 packet->buffer[0] = CODE_CODE_REJ;
2153 ppp_data->ncp.nscji++;
2154 packet->buffer[1] = ppp_data->ncp.nscji;/*lint !e415 access of out-of-bounds pointer */
2155 packet->buffer[2] = (UBYTE)(packet_len >> 8);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
2156 packet->buffer[3] = (UBYTE)(packet_len & 0x00ff);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
2157
2158 /*
2159 * set return values
2160 */
2161 *ptr_packet=packet;
2162 *forward=FORWARD_RUC;
2163
2164 } /* ncp_ruc() */