authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-06-01 08:18:28 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-06-01 08:18:28 +0000
commitdaa9c455ce0f2d9b8edbf41447ead13cf0a8d5a4 (patch)
tree286653887719de77c7b97102ff8f221bdcd237a1
parent905700f8e336eb14d20da3336698af2a983d072d (diff)
Merge two m_copydata() calls into one, and (hopefully) correct the
self-describing padding verification.
-rw-r--r--sys/netinet/ip_ipsp.c25
1 files changed, 17 insertions, 8 deletions
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 3e9d0de033e..fdb28b94d7d 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.c,v 1.123 2001/06/01 07:56:46 angelos Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.124 2001/06/01 08:18:27 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -1469,9 +1469,15 @@ ipsp_parse_headers(struct mbuf *m, int off, u_int8_t proto)
m_copydata(m, m->m_pkthdr.len - trail - 8, 8, lasteight);
/* Verify the self-describing padding values */
- for (i = 5; lasteight[i + 1] != 0 && i >= 0; i--)
- if (lasteight[i + 1] != lasteight[i] + 1)
- return tags.lh_first;
+ if (lasteight[6] != 0)
+ {
+ if (lasteight[6] != lasteight[5])
+ return tags.lh_first;
+
+ for (i = 4; lasteight[i + 1] != 1 && i >= 0; i--)
+ if (lasteight[i + 1] != lasteight[i] + 1)
+ return tags.lh_first;
+ }
}
/* Fall through */
case IPPROTO_AH:
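Review bot: The rewritten loop `for (i = 4; lasteight[i + 1] != 1 && i >= 0; i--)` reads `lasteight[i + 1]` before it tests `i >= 0`. The access stays in bounds here (index 0 at worst), but putting the bound first, `for (i = 4; i >= 0 && lasteight[i + 1] != 1; i--)`, makes that evident and keeps it safe if the start index ever changes. The check also covers at most the six bytes before the pad-length byte, and nothing in the visible lines compares `lasteight[6]` with the remaining payload length. A comment such as `/* Plausibility check only: at most the last six pad bytes are examined */` would stop a later reader from treating it as full padding validation. Whether the packet is known to hold at least `trail + 8` bytes before the `m_copydata()` above is decided outside this hunk.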
@@ -1483,6 +1489,7 @@ ipsp_parse_headers(struct mbuf *m, int off, u_int8_t proto)
tdbi = (struct tdb_ident *) (mtag + 1);
bzero(tdbi, sizeof(struct tdb_ident));
+ /* Get SPI off the relevant header */
if (proto == IPPROTO_AH)
m_copydata(m, off + sizeof(u_int32_t), sizeof(u_int32_t),
(caddr_t) &tdbi->spi);
@@ -1516,13 +1523,15 @@ ipsp_parse_headers(struct mbuf *m, int off, u_int8_t proto)
/* Update next protocol/header and header offset */
if (proto == IPPROTO_AH)
{
- m_copydata(m, off, sizeof(u_int8_t), (caddr_t) &proto);
- m_copydata(m, off + sizeof(u_int8_t), sizeof(u_int8_t),
- (caddr_t) &s);
- off += (s + 2) << 2;
+ u_int8_t foo[2];
+
+ m_copydata(m, off, 2 * sizeof(u_int8_t), foo);
+ proto = foo[0];
+ off += (foo[1] + 2) << 2;
}
else /* IPPROTO_ESP */
{
+ /* Initialized in IPPROTO_ESP case */
off += esphlen;
proto = lasteight[7];
}
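Review bot: The AH payload-length byte `foo[1]` is taken straight from the packet and drives `off += (foo[1] + 2) << 2`, with no comparison against `m->m_pkthdr.len` anywhere in this hunk. The next `m_copydata()` at the new offset therefore depends on a length check elsewhere in ipsp_parse_headers, which starts and ends outside the hunk. If there is none, a guard in the style of the padding check belongs right after the update, e.g. `if (off >= m->m_pkthdr.len) return tags.lh_first;`. On style, `foo` says nothing about its contents and is passed without the `(caddr_t)` cast the other calls use; `u_int8_t ahhdr[2]; /* next header, payload length */` with `(caddr_t) ahhdr` would match the file. The added comment `/* Initialized in IPPROTO_ESP case */` would be clearer if it named what it refers to, e.g. `/* esphlen and lasteight[] were set in the IPPROTO_ESP case above */`.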