Package: pppoe
Version: 3.5-4
Severity: important

pppoe-server uses snprintf() to build a pppoe command line. Somewhere between
pppoe-3.3 and pppoe-3.5, an extra parameter was added, but the order is mixed
up. Here's the relevant section of a diff between 3.3 and 3.5:

-    snprintf(buffer, SMALLBUF, "%s -n -I %s -e 
%d:%02x:%02x:%02x:%02x:%02x:%02x%s",
+    /* Let's hope service-name does not have ' in it... */
+    snprintf(buffer, SMALLBUF, "%s -n -I %s -e 
%d:%02x:%02x:%02x:%02x:%02x:%02x%s -S '%s'",
             PPPOE_PATH, session->ethif->name,
             ntohs(session->sess),
             session->eth[0], session->eth[1], session->eth[2],
             session->eth[3], session->eth[4], session->eth[5],
+            session->serviceName,
             PppoeOptions);
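
Review bot: session->serviceName is inserted ahead of PppoeOptions in the argument list, while the new -S '%s' conversion was appended after the existing trailing %s, so the two strings feed each other's conversions. Swap the last two arguments so that PppoeOptions fills the bare %s after the MAC address and session->serviceName fills -S '%s'. Both conversions are %s, so the compiler's format checking cannot flag the mismatch; it has to be caught by reading the call. Separately, the added comment concedes that a ' in the service name is not handled: the value is placed inside single quotes on a command line, so it should be checked for ' (and rejected or escaped) before formatting rather than left to hope.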

As you can see above, the "-S '%s'" was added to the end of the format
string, but the serviceName, which should correspond to it, got added in the
next-to-last argument position. So the PppoeOptions (which includes things
like -m mtu and -T timeout) are being used as a service name, and the service
name is getting crammed onto the end of the peer's MAC address. (PppoeOptions
begins with a space so it would not be crammed up against the MAC address if
it were in that position. serviceName is most often an empty string, which
explains why its bad positioning hasn't been noticed.)

The solution is to reverse the last 2 args in that snprintf.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.29
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages pppoe depends on:
ii  libc6                   2.3.2.ds1-22     GNU C Library: Shared libraries an
ii  ppp                     2.4.3-20050321+2 Point-to-Point Protocol (PPP) daem

-- no debconf information
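
The argument-order problem described in the report, reproduced as an added example (not pppoe-server's own code). The struct, the function names, the path /usr/sbin/pppoe, the options " -m 1412" and the service name are constructed for illustration; the check for ' in the service name is an added hardening step that the report does not propose.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define SMALLBUF 256
/* Format string as it stands in 3.5 (joined onto one line). */
#define CMD_FMT "%s -n -I %s -e %d:%02x:%02x:%02x:%02x:%02x:%02x%s -S '%s'"

/* Constructed stand-in for the session fields the report's snprintf() reads. */
struct demo_session {
    const char *ifname;
    unsigned short sess;          /* network byte order */
    unsigned char eth[6];
    const char *serviceName;
};

/* fixed == 0 keeps the 3.5 argument order; fixed != 0 swaps the last two. */
int build_cmd(char *buf, size_t len, const struct demo_session *s,
              const char *path, const char *opts, int fixed)
{
    const char *after_mac = fixed ? opts : s->serviceName; /* feeds the bare %s */
    const char *quoted    = fixed ? s->serviceName : opts; /* feeds -S '%s' */
    int n;

    /* Added check, not in the report: a ' would end the quoted -S argument. */
    if (strchr(s->serviceName, '\'') != NULL)
        return -1;
    n = snprintf(buf, len, CMD_FMT, path, s->ifname, ntohs(s->sess),
                 s->eth[0], s->eth[1], s->eth[2],
                 s->eth[3], s->eth[4], s->eth[5], after_mac, quoted);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;           /* reject truncation */
}

/* Builds the command for a constructed session; returns NULL on rejection. */
const char *demo_cmd(const char *service, int fixed)
{
    static char buf[SMALLBUF];
    struct demo_session s = { "eth0", 0, {0x00, 0x11, 0x22, 0x33, 0x44, 0x55}, service };
    s.sess = htons(1);
    return build_cmd(buf, sizeof buf, &s, "/usr/sbin/pppoe", " -m 1412", fixed) ? NULL : buf;
}

int main(void)
{
    printf("3.5 order: %s\n", demo_cmd("isp", 0));
    printf("swapped:   %s\n", demo_cmd("isp", 1));
    return 0;
}
```

With an empty service name the 3.5 order still yields a well-formed command line, only with the options quoted as the -S value, which matches the report's explanation of why the bug went unnoticed.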

