summaryrefslogtreecommitdiff
path: root/sbin/isakmpd
diff options
context:
space:
mode:
authorNiklas Hallqvist <niklas@cvs.openbsd.org>2000-06-19 02:25:45 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2000-06-19 02:25:45 +0000
commit1bbd811d196789b9603929900928d4d58bf0fe4a (patch)
tree3a21443e5e5e7c651ec0b24cd37a593dc4c2a484 /sbin/isakmpd
parent4d55be1031be58d8e6e8f228d99ee5a70bc7dd58 (diff)
Merge with EOM 1.145
author: ho Recognize and handle reserved and private payloads differently. A private payload in a message is ignored. A message containing a reserved payload is dropped.
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/message.c17
1 files changed, 14 insertions, 3 deletions
diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c
index 70e1aa53573..baff25ad79a 100644
--- a/sbin/isakmpd/message.c
+++ b/sbin/isakmpd/message.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: message.c,v 1.30 2000/02/25 17:23:41 niklas Exp $ */
-/* $EOM: message.c,v 1.144 2000/02/20 19:58:40 niklas Exp $ */
+/* $OpenBSD: message.c,v 1.31 2000/06/19 02:25:44 niklas Exp $ */
+/* $EOM: message.c,v 1.145 2000/06/13 16:25:10 ho Exp $ */
/*
* Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
@@ -252,7 +252,8 @@ message_parse_payloads (struct message *msg, struct payload *p, u_int8_t next,
/* Look at the next payload's type. */
next = GET_ISAKMP_GEN_NEXT_PAYLOAD (buf);
- if (next >= ISAKMP_PAYLOAD_RESERVED_MIN)
+ if (next >= ISAKMP_PAYLOAD_RESERVED_MIN &&
+ next <= ISAKMP_PAYLOAD_RESERVED_MAX)
{
log_print ("message_parse_payloads: invalid next payload type %d "
"in payload of type %d", next, payload);
@@ -273,6 +274,15 @@ message_parse_payloads (struct message *msg, struct payload *p, u_int8_t next,
*/
len = GET_ISAKMP_GEN_LENGTH (buf);
+ /* Ignore private payloads. */
+ if (next >= ISAKMP_PAYLOAD_PRIVATE_MIN)
+ {
+ log_debug (LOG_MESSAGE, 30,
+ "message_parse_payloads: private next payload type %d "
+ "in payload of type %d ignored", next, payload);
+ goto next_payload;
+ }
+
/*
* Check if the current payload is one of the accepted ones at this
* stage.
@@ -289,6 +299,7 @@ message_parse_payloads (struct message *msg, struct payload *p, u_int8_t next,
if (func (msg, p, payload, buf))
return -1;
+ next_payload:
/* Advance to next payload. */
buf += len;
sz += len;