drivers: net: ppp: fix removing CRC16 from packet

CRC16 was removed by simply decreasing length of the last fragment by 2.
This worked as long as last fragment was longer than 1 byte. If not,
then last fragment was corrupted (its length ended up being 65535),
leading to undefined behavior.

Fix CRC16 removal by utilizing recently introduced
net_pkt_remove_tail(), that properly handles multiple fragments.

Reported-by: Jim Paris <[email protected]>
Signed-off-by: Marcin Niestroj <[email protected]>

Author: mniestroj

drivers/net/ppp.c

@@ -416,8 +416,8 @@ static void ppp_process_msg(struct ppp_driver_context *ppp)
 #endif
 			net_pkt_unref(ppp->pkt);
 		} else {
-			/* Skip FCS bytes (2) */
-			net_buf_frag_last(ppp->pkt->buffer)->len -= 2;
+			/* Remove FCS bytes (2) */
+			net_pkt_remove_tail(ppp->pkt, 2);
 
 			/* Make sure we now start reading from PPP header in
 			 * PPP L2 recv()