Description: Fix buffer overflow in rc_mksid()
 rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string.
 .
 If the process id is bigger than 65535 (FFFF), its hex representation will be
 longer than 4 characters, resulting in a buffer overflow.
 .
 The bug can be exploited to cause a remote DoS.
 .
Author: Emanuele Rocca <ema@debian.org>
Bug-Debian: https://bugs.debian.org/782450
Last-Update: <2015-04-14>

--- ppp-2.4.6.orig/pppd/plugins/radius/util.c
+++ ppp-2.4.6/pppd/plugins/radius/util.c
@@ -77,7 +77,7 @@ rc_mksid (void)
   static unsigned short int cnt = 0;
   sprintf (buf, "%08lX%04X%02hX",
 	   (unsigned long int) time (NULL),
-	   (unsigned int) getpid (),
+	   (unsigned int) getpid () % 65535,
 	   cnt & 0xFF);
   cnt++;
   return buf;