authorHakan Olsson <ho@cvs.openbsd.org>2004-06-23 00:56:46 +0000
committerHakan Olsson <ho@cvs.openbsd.org>2004-06-23 00:56:46 +0000
commit6f0e73bdee5483812a904e4afc1fd73345802285 (patch)
tree56c124183754274f48571786fea3a672ae7ca793
parent8e90f25e8cf2bb4b4cce48c6fa1dded9f31dc090 (diff)
Support IPV{4,6}_ADDR_SUBNET IDs in Phase 1, just like the man page
says we do. Noted and tested by alex at vbone.net. Also avoid a potential SEGV here. hshoexer@ok
-rw-r--r--sbin/isakmpd/ike_phase_1.c49
1 files changed, 45 insertions, 4 deletions
diff --git a/sbin/isakmpd/ike_phase_1.c b/sbin/isakmpd/ike_phase_1.c
index 400adab618e..96d3e656d87 100644
--- a/sbin/isakmpd/ike_phase_1.c
+++ b/sbin/isakmpd/ike_phase_1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_phase_1.c,v 1.52 2004/06/20 17:17:35 ho Exp $ */
+/* $OpenBSD: ike_phase_1.c,v 1.53 2004/06/23 00:56:45 ho Exp $ */
/* $EOM: ike_phase_1.c,v 1.31 2000/12/11 23:47:56 niklas Exp $ */
/*
@@ -799,7 +799,7 @@ ike_phase_1_send_ID(struct message *msg)
int initiator = exchange->initiator;
u_int8_t **id;
size_t *id_len;
- char *my_id = 0;
+ char *my_id = 0, *data;
u_int8_t id_type;
/* Choose the right fields to fill-in. */
@@ -836,11 +836,52 @@ ike_phase_1_send_ID(struct message *msg)
sockaddr_addrdata(src), sockaddr_addrlen(src));
break;
+ case IPSEC_ID_IPV4_ADDR_SUBNET:
+ case IPSEC_ID_IPV6_ADDR_SUBNET:
+ /* Network */
+ data = conf_get_str(my_id, "Network");
+ if (!data) {
+ log_print("ike_phase_1_send_ID: section %s "
+ "has no \"Network\" tag", my_id);
+ return -1;
+ }
+ if (text2sockaddr(data, NULL, &src)) {
+ log_error("ike_phase_1_send_ID: "
+ "text2sockaddr() failed");
+ return -1;
+ }
+ memcpy(buf + ISAKMP_ID_DATA_OFF,
+ sockaddr_addrdata(src), sockaddr_addrlen(src));
+ free(src);
+ /* Netmask */
+ data = conf_get_str(my_id, "Netmask");
+ if (!data) {
+ log_print("ike_phase_1_send_ID: section %s "
+ "has no \"Netmask\" tag", my_id);
+ return -1;
+ }
+ if (text2sockaddr(data, NULL, &src)) {
+ log_error("ike_phase_1_send_ID: "
+ "text2sockaddr() failed");
+ return -1;
+ }
+ memcpy(buf + ISAKMP_ID_DATA_OFF +
+ sockaddr_addrlen(src), sockaddr_addrdata(src),
+ sockaddr_addrlen(src));
+ free(src);
+ break;
+
case IPSEC_ID_FQDN:
case IPSEC_ID_USER_FQDN:
case IPSEC_ID_KEY_ID:
- memcpy(buf + ISAKMP_ID_DATA_OFF, conf_get_str(my_id,
- "Name"), sz - ISAKMP_ID_DATA_OFF);
+ data = conf_get_str(my_id, "Name");
+ if (!data) {
+ log_print("ike_phase_1_send_ID: section %s "
+ "has no \"Name\" tag", my_id);
+ return -1;
+ }
+ memcpy(buf + ISAKMP_ID_DATA_OFF, data,
+ sz - ISAKMP_ID_DATA_OFF);
break;
default:
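Review bot: In the new IPSEC_ID_IPV4_ADDR_SUBNET / IPSEC_ID_IPV6_ADDR_SUBNET case, both memcpy calls take their length from whatever address text2sockaddr() parsed out of the "Network" and "Netmask" values, and nothing in the hunk compares that length with `sz` or with the ID type. If a section typed as an IPv4 subnet holds an IPv6 literal, the two copies would presumably write 32 bytes into a buffer sized for 8, and the netmask offset is derived from the netmask's own length rather than the network's. A guard before each copy, such as `if (ISAKMP_ID_DATA_OFF + 2 * sockaddr_addrlen(src) > sz) { free(src); return -1; }` together with a log_print naming the section, would turn a configuration mistake into a clean failure instead of a heap overwrite. The allocation of buf and the computation of sz sit outside the hunk, so it should also be confirmed there whether the new `return -1` paths need to release buf.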