diff options
| author | tobhe <tobhe@cvs.openbsd.org> | 2020-11-25 22:17:15 +0000 |
|---|---|---|
| committer | tobhe <tobhe@cvs.openbsd.org> | 2020-11-25 22:17:15 +0000 |
| commit | f249f321f4d49ead18fd184da6b333fdc98a88ab (patch) | |
| tree | ac5471fbc5a31876d22c8fe9498f82403d49003c /sbin/iked/config.c | |
| parent | eb7c0285009ad423a64e3fd6071c45853760d7f5 (diff) | |
Fix proposal error handling. If a proposal contains an unknown transform
type or id, ignore the proposal instead of failing the exchange.
ok patrick@
Diffstat (limited to 'sbin/iked/config.c')
| -rw-r--r-- | sbin/iked/config.c | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/sbin/iked/config.c b/sbin/iked/config.c index 5985c5303fa..ecf03e64cd3 100644 --- a/sbin/iked/config.c +++ b/sbin/iked/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.72 2020/10/29 21:49:58 tobhe Exp $ */ +/* $OpenBSD: config.c,v 1.73 2020/11/25 22:17:13 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -259,6 +259,15 @@ config_add_proposal(struct iked_proposals *head, unsigned int id, } void +config_free_proposal(struct iked_proposals *head, struct iked_proposal *prop) +{ + TAILQ_REMOVE(head, prop, prop_entry); + if (prop->prop_nxforms) + free(prop->prop_xforms); + free(prop); +} + +void config_free_proposals(struct iked_proposals *head, unsigned int proto) { struct iked_proposal *prop, *proptmp; @@ -270,10 +279,7 @@ config_free_proposals(struct iked_proposals *head, unsigned int proto) log_debug("%s: free %p", __func__, prop); - TAILQ_REMOVE(head, prop, prop_entry); - if (prop->prop_nxforms) - free(prop->prop_xforms); - free(prop); + config_free_proposal(head, prop); } } @@ -326,7 +332,7 @@ config_free_childsas(struct iked *env, struct iked_childsas *head, } } -struct iked_transform * +int config_add_transform(struct iked_proposal *prop, unsigned int type, unsigned int id, unsigned int length, unsigned int keylength) { @@ -353,7 +359,7 @@ config_add_transform(struct iked_proposal *prop, unsigned int type, break; default: log_debug("%s: invalid transform type %d", __func__, type); - return (NULL); + return (-2); } for (i = 0; i < prop->prop_nxforms; i++) { @@ -361,7 +367,7 @@ config_add_transform(struct iked_proposal *prop, unsigned int type, if (xform->xform_type == type && xform->xform_id == id && xform->xform_length == length) - return (xform); + return (0); } for (i = 0; i < prop->prop_nxforms; i++) { @@ -384,7 +390,7 @@ config_add_transform(struct iked_proposal *prop, unsigned int type, if ((xform = reallocarray(prop->prop_xforms, prop->prop_nxforms + 1, sizeof(*xform))) == NULL) { - return (NULL); + return (-1); } prop->prop_xforms = xform; @@ -398,7 +404,7 @@ config_add_transform(struct iked_proposal *prop, unsigned int type, xform->xform_score = score; xform->xform_map = map; - return (xform); + return (0); } struct iked_transform * @@ -772,7 +778,7 @@ config_getpolicy(struct iked *env, struct imsg *imsg) if (config_add_transform(prop, xf.xform_type, xf.xform_id, xf.xform_length, - xf.xform_keylength) == NULL) + xf.xform_keylength) != 0) fatal("config_getpolicy: add transform"); } } |