Correct two bugs that may result in incorrect CBCP response for

administrator specified number.

The implementation in our version transmits extra zero byte that is a
violation of the Microsoft PPP Callback Control Protocol section 3.2[1].
This can lead to incorrect behavior on certain devices, as reported
in bin/50613.

Confirmed with:	cbcp.c in ppp's cvs, rev. 1.4 and 1.15 [2]

Submitted by:	Dmitry Pryanishnikov <dmitry at atlantis.dp.ua>
PR:		bin/50613

[1] http://www.dsl.gr.jp/~manabe/PPxP/doc/Standards/draft-gidwani-ppp-callback-cp-00.txt
[2] http://cvs.samba.org/cgi-bin/cvsweb/ppp/pppd/cbcp.c
    http://www.samba.org/cvs.html

1 files changed, 3 insertions, 5 deletions

diff --git a/usr.sbin/pppd/cbcp.c b/usr.sbin/pppd/cbcp.c
index f72fe9efd7e2..27b88659ba1b 100644
--- a/usr.sbin/pppd/cbcp.c
+++ b/usr.sbin/pppd/cbcp.c
@@ -344,10 +344,9 @@ cbcp_resp(us)
     if (cb_type & ( 1 << CB_CONF_ADMIN ) ) {
 	syslog(LOG_DEBUG, "cbcp_resp CONF_ADMIN");
         PUTCHAR(CB_CONF_ADMIN, bufp);
-	len = 3 + 1;
-	PUTCHAR(len , bufp);
+	len = 3;
+	PUTCHAR(len, bufp);
 	PUTCHAR(5, bufp); /* delay */
-	PUTCHAR(0, bufp);
 	cbcp_send(us, CBCP_RESP, buf, len);
 	return;
     }
@@ -355,9 +354,8 @@ cbcp_resp(us)
     if (cb_type & ( 1 << CB_CONF_NO ) ) {
         syslog(LOG_DEBUG, "cbcp_resp CONF_NO");
 	PUTCHAR(CB_CONF_NO, bufp);
-	len = 3;
+	len = 2;
 	PUTCHAR(len , bufp);
-	PUTCHAR(0, bufp);
 	cbcp_send(us, CBCP_RESP, buf, len);
 	(*ipcp_protent.open)(us->us_unit);
 	return;