[src/netbsd-2]: src/crypto/dist/kame/racoon Apply patch (requested by adrianp...

[tron <tron%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/1140a0f6f73a
branches:  netbsd-2
changeset: 564411:1140a0f6f73a
user:      tron <tron%NetBSD.org@localhost>
date:      Thu Jan 19 21:39:38 2006 +0000

description:
Apply patch (requested by adrianp in ticket #10224):
Fix denial of service vulnerabilityin racoon(8).

diffstat:

 crypto/dist/kame/racoon/isakmp_agg.c |  14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)

diffs (38 lines):

diff -r c3ecf1372dd3 -r 1140a0f6f73a crypto/dist/kame/racoon/isakmp_agg.c
--- a/crypto/dist/kame/racoon/isakmp_agg.c      Mon Jan 09 13:30:22 2006 +0000
+++ b/crypto/dist/kame/racoon/isakmp_agg.c      Thu Jan 19 21:39:38 2006 +0000
@@ -32,7 +32,7 @@
 /* Aggressive Exchange (Aggressive Mode) */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: isakmp_agg.c,v 1.2.2.1 2004/06/17 12:38:10 tron Exp $");
+__RCSID("$NetBSD: isakmp_agg.c,v 1.2.2.1.2.1 2006/01/19 21:39:38 tron Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -342,7 +342,11 @@
        }
 
        /* payload existency check */
-       /* XXX to be checked each authentication method. */
+       if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
+               plog(LLV_ERROR, LOCATION, iph1->remote,
+                       "few isakmp message received.\n");
+               goto end;
+       }       
 
        /* verify identifier */
        if (ipsecdoi_checkid1(iph1) != 0) {
@@ -674,7 +678,11 @@
        }
 
        /* payload existency check */
-       /* XXX to be checked each authentication method. */
+       if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
+               plog(LLV_ERROR, LOCATION, iph1->remote,
+                       "few isakmp message received.\n");
+               goto end;
+       }
 
        /* verify identifier */
        if (ipsecdoi_checkid1(iph1) != 0) {