authorHakan Olsson <ho@cvs.openbsd.org>2004-09-24 13:31:05 +0000
committerHakan Olsson <ho@cvs.openbsd.org>2004-09-24 13:31:05 +0000
commitd52df26f7c3c2366a760882d1c325cf28a961381 (patch)
treef2a213e39719fe234bdb3e5f04f19fdab42dd919 /sbin/isakmpd
parent36b76f882d69744b7159132564c5e100fa7606f3 (diff)
Don't process NAT-T keepalives. Noted by Kamel Messaoudi. hshoexer@ ok
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/udp_encap.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/sbin/isakmpd/udp_encap.c b/sbin/isakmpd/udp_encap.c
index 3acd1ca98e1..0d1eb897a7b 100644
--- a/sbin/isakmpd/udp_encap.c
+++ b/sbin/isakmpd/udp_encap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_encap.c,v 1.7 2004/08/10 15:59:10 ho Exp $ */
+/* $OpenBSD: udp_encap.c,v 1.8 2004/09/24 13:31:04 ho Exp $ */
/*
* Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved.
@@ -386,8 +386,12 @@ udp_encap_handle_message(struct transport *t)
return;
}
- msg = message_alloc(t, buf + sizeof (u_int32_t),
- n - sizeof (u_int32_t));
+ /* NAT-Keepalive messages should not be processed further. */
+ n -= sizeof(u_int32_t);
+ if (n == 1 && buf[sizeof(u_int32_t)] == 0xFF)
+ return;
+
+ msg = message_alloc(t, buf + sizeof (u_int32_t), n);
if (!msg) {
log_error("failed to allocate message structure, dropping "
"packet received on transport %p", u);
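Review bot: The keepalive test `if (n == 1 && buf[sizeof(u_int32_t)] == 0xFF)` runs after the 4-byte non-ESP marker has been subtracted, so it only matches a five-byte datagram, whereas RFC 3948 (section 2.3) defines a NAT-keepalive as a single 0xFF octet with no marker in front. A real one-byte keepalive therefore has to be caught by the checks above this hunk; if it is not, `n -= sizeof(u_int32_t)` would leave a wrapped or negative length for `message_alloc`. I would test the raw datagram first, `if (n == 1 && buf[0] == 0xFF) return;`, ahead of the marker handling, and subtract the marker only once `n >= sizeof(u_int32_t)` is known. The comparison with 0xFF also depends on `buf` being an unsigned byte array, which is declared outside the hunk, as is the start of udp_encap_handle_message.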