diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2001-07-18 20:48:34 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-07-18 20:48:34 +0000 |
commit | e6cdd93e8611ec1c4122c8a65345870c955589f9 (patch) | |
tree | d01945d3dacc721f04f548fe892c0dc420f206b2 /sbin/isakmpd | |
parent | a7345630720647e662e8f1e1eba3cca5a44c2acf (diff) |
use correct length for SADB_X_EXT_POLICY message on KAME
tested on bsd/os; ok ho@
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c index 6633c2c405c..30ab4ae310b 100644 --- a/sbin/isakmpd/pf_key_v2.c +++ b/sbin/isakmpd/pf_key_v2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.c,v 1.77 2001/07/02 02:28:35 deraadt Exp $ */ +/* $OpenBSD: pf_key_v2.c,v 1.78 2001/07/18 20:48:33 markus Exp $ */ /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */ /* @@ -1849,18 +1849,18 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask, addr = 0; /* Setup the POLICY extension. */ - policy_buf = (u_int8_t *)calloc (1, sizeof *policy + sizeof *ipsecrequest + - 2 * sockaddr_len (src)); + len = sizeof *policy + sizeof *ipsecrequest + + 2 * PF_KEY_V2_ROUND (src->sa_len); + policy_buf = (u_int8_t *)calloc (1, len); if (!policy_buf) { - log_error ("pf_key_v2_flow: calloc %d failed", sizeof *policy + - sizeof *ipsecrequest + 2 * sockaddr_len (src)); + log_error ("pf_key_v2_flow: calloc %d failed", len); goto cleanup; } policy = (struct sadb_x_policy *)policy_buf; policy->sadb_x_policy_exttype = SADB_X_EXT_POLICY; - policy->sadb_x_policy_len = sizeof policy_buf / PF_KEY_V2_CHUNK; + policy->sadb_x_policy_len = len / PF_KEY_V2_CHUNK; policy->sadb_x_policy_type = IPSEC_POLICY_IPSEC; if (ingress) policy->sadb_x_policy_dir = IPSEC_DIR_INBOUND; @@ -1870,8 +1870,7 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask, /* Setup the IPSECREQUEST extension part. */ ipsecrequest = (struct sadb_x_ipsecrequest *)(policy + 1); - ipsecrequest->sadb_x_ipsecrequest_len - = sizeof *ipsecrequest + 2 * sockaddr_len (src); + ipsecrequest->sadb_x_ipsecrequest_len = len - sizeof *policy; switch (proto) { case IPSEC_PROTO_IPSEC_ESP: |