meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

Subject: [PATCH] ipsec-tools: racoon: check several invalid ivm

Upstream-Status: Pending

Add checking for invalid ivm, or it will crash racoon.

Signed-off-by: Ming Liu <ming.liu@windriver.com>
---
 isakmp_cfg.c |    5 +++++
 1 file changed, 5 insertions(+)

diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
--- a/src/racoon/isakmp_cfg.c
+++ b/src/racoon/isakmp_cfg.c
@@ -171,6 +171,11 @@ isakmp_cfg_r(iph1, msg)
 	    iph1->mode_cfg->last_msgid != packet->msgid )
 		iph1->mode_cfg->ivm = 
 		    isakmp_cfg_newiv(iph1, packet->msgid);
+	if(iph1->mode_cfg->ivm == NULL) {
+		plog(LLV_ERROR, LOCATION, NULL, 
+		    "failed to create new IV\n");
+		return;
+	}
 	ivm = iph1->mode_cfg->ivm;
 
 	dmsg = oakley_do_decrypt(iph1, msg, ivm->iv, ivm->ive);