authorMarkus Friedl <markus@cvs.openbsd.org>2004-06-21 23:10:32 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2004-06-21 23:10:32 +0000
commit4f2aeb6ec42bc9958eeb76f6cc64683704ba9e9a (patch)
tree80baccc24af7fcc75e1abca10cc1dea403e3b1b3
parent1b3b9f82a1ca98f19ff64c4cb44b0e50b7eaf292 (diff)
don't accept SADB_X_EXT_UDPENCAP if encapsulation is disabled; ok ho@
-rw-r--r--sys/net/pfkeyv2.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 91ffab60299..5a24335c4b4 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.90 2003/12/02 23:16:29 markus Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.91 2004/06/21 23:10:31 markus Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -904,9 +904,10 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
rval = EINVAL;
goto ret;
}
- /* UDP encapsulation is only supported for ESP */
- if (smsg->sadb_msg_satype != SADB_SATYPE_ESP &&
- headers[SADB_X_EXT_UDPENCAP]) {
+ /* UDP encap has to be enabled and is only supported for ESP */
+ if (headers[SADB_X_EXT_UDPENCAP] &&
+ (!udpencap_enable ||
+ smsg->sadb_msg_satype != SADB_SATYPE_ESP)) {
rval = EINVAL;
goto ret;
}
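Review bot: The new `!udpencap_enable` test runs only while this PF_KEY message is being processed, in this hunk and in the identical one at new line 1055. An SA that was installed with SADB_X_EXT_UDPENCAP while the knob was on is presumably not affected when it is switched off later. If that is intended, the comment should say so, e.g. `/* UDP encap must be enabled at SA setup time and is only supported for ESP; existing SAs are not revisited */`. The rejection also reuses `rval = EINVAL`, the same code as the malformed-message path directly above, so a key daemon cannot distinguish "disabled by the administrator" from "bad message" without a log line or a distinct errno. Since the three-line condition is now duplicated verbatim in both places, a small static helper would keep the two copies from drifting apart; pfkeyv2_send's body starts and ends outside both hunks, so which message types these checks guard is not visible here.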
@@ -1054,9 +1055,10 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
rval = EINVAL;
goto ret;
}
- /* UDP encapsulation is only supported for ESP */
- if (smsg->sadb_msg_satype != SADB_SATYPE_ESP &&
- headers[SADB_X_EXT_UDPENCAP]) {
+ /* UDP encap has to be enabled and is only supported for ESP */
+ if (headers[SADB_X_EXT_UDPENCAP] &&
+ (!udpencap_enable ||
+ smsg->sadb_msg_satype != SADB_SATYPE_ESP)) {
rval = EINVAL;
goto ret;
}