summaryrefslogtreecommitdiff
path: root/sbin/isakmpd
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2001-07-18 20:48:34 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2001-07-18 20:48:34 +0000
commite6cdd93e8611ec1c4122c8a65345870c955589f9 (patch)
treed01945d3dacc721f04f548fe892c0dc420f206b2 /sbin/isakmpd
parenta7345630720647e662e8f1e1eba3cca5a44c2acf (diff)
use correct length for SADB_X_EXT_POLICY message on KAME
tested on bsd/os; ok ho@
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/pf_key_v2.c15
1 files changed, 7 insertions, 8 deletions
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 6633c2c405c..30ab4ae310b 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.77 2001/07/02 02:28:35 deraadt Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.78 2001/07/18 20:48:33 markus Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -1849,18 +1849,18 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
addr = 0;
/* Setup the POLICY extension. */
- policy_buf = (u_int8_t *)calloc (1, sizeof *policy + sizeof *ipsecrequest +
- 2 * sockaddr_len (src));
+ len = sizeof *policy + sizeof *ipsecrequest +
+ 2 * PF_KEY_V2_ROUND (src->sa_len);
+ policy_buf = (u_int8_t *)calloc (1, len);
if (!policy_buf)
{
- log_error ("pf_key_v2_flow: calloc %d failed", sizeof *policy +
- sizeof *ipsecrequest + 2 * sockaddr_len (src));
+ log_error ("pf_key_v2_flow: calloc %d failed", len);
goto cleanup;
}
policy = (struct sadb_x_policy *)policy_buf;
policy->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
- policy->sadb_x_policy_len = sizeof policy_buf / PF_KEY_V2_CHUNK;
+ policy->sadb_x_policy_len = len / PF_KEY_V2_CHUNK;
policy->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
if (ingress)
policy->sadb_x_policy_dir = IPSEC_DIR_INBOUND;
@@ -1870,8 +1870,7 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
/* Setup the IPSECREQUEST extension part. */
ipsecrequest = (struct sadb_x_ipsecrequest *)(policy + 1);
- ipsecrequest->sadb_x_ipsecrequest_len
- = sizeof *ipsecrequest + 2 * sockaddr_len (src);
+ ipsecrequest->sadb_x_ipsecrequest_len = len - sizeof *policy;
switch (proto)
{
case IPSEC_PROTO_IPSEC_ESP: