[src/netbsd-1-6]: src/crypto/dist/kame/racoon Pullup patch (requested by itoj...

[jmc <jmc%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/a9033cc64485
branches:  netbsd-1-6
changeset: 531254:a9033cc64485
user:      jmc <jmc%NetBSD.org@localhost>
date:      Wed Apr 07 04:28:51 2004 +0000

description:
Pullup patch (requested by itojun in ticket #1644)

Reject packet with too big isakmp message length field.

diffstat:

 crypto/dist/kame/racoon/isakmp.c |  12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diffs (22 lines):

diff -r 75977f8164d0 -r a9033cc64485 crypto/dist/kame/racoon/isakmp.c
--- a/crypto/dist/kame/racoon/isakmp.c  Tue Apr 06 21:13:19 2004 +0000
+++ b/crypto/dist/kame/racoon/isakmp.c  Wed Apr 07 04:28:51 2004 +0000
@@ -186,6 +186,18 @@
                goto end;
        }
 
+       /* reject it if the size is tooooo big. */
+       if (ntohl(isakmp.len) > 0xffff) {
+               plog(LLV_ERROR, LOCATION, NULL,
+                       "the length of the isakmp header is too big.\n");
+               if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
+                           0, (struct sockaddr *)&remote, &remote_len)) < 0) {
+                       plog(LLV_ERROR, LOCATION, NULL,
+                               "failed to receive isakmp packet\n");
+               }
+               goto end;
+       }
+
        /* read real message */
        if ((buf = vmalloc(ntohl(isakmp.len))) == NULL) {
                plog(LLV_ERROR, LOCATION, NULL,