DF-0270
OOB read in PAP ACK/NAK debug: wrong bound len+4 should be len-4
Summary
PAP_ACK(:4390) and PAP_NAK(:4426) debug: name_len<len+4 guard should be name_len<len-4. name at offset 5, name_len at offset 4. Off by 8. sppp_print_string walks past valid mbuf data -> stale bytes to syslog. IFF_DEBUG only.