diff options
author | Hakan Olsson <ho@cvs.openbsd.org> | 2004-09-24 13:31:05 +0000 |
---|---|---|
committer | Hakan Olsson <ho@cvs.openbsd.org> | 2004-09-24 13:31:05 +0000 |
commit | d52df26f7c3c2366a760882d1c325cf28a961381 (patch) | |
tree | f2a213e39719fe234bdb3e5f04f19fdab42dd919 /sbin/isakmpd | |
parent | 36b76f882d69744b7159132564c5e100fa7606f3 (diff) |
Don't process NAT-T keepalives. Noted by Kamel Messaoudi. hshoexer@ ok
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/udp_encap.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/sbin/isakmpd/udp_encap.c b/sbin/isakmpd/udp_encap.c index 3acd1ca98e1..0d1eb897a7b 100644 --- a/sbin/isakmpd/udp_encap.c +++ b/sbin/isakmpd/udp_encap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_encap.c,v 1.7 2004/08/10 15:59:10 ho Exp $ */ +/* $OpenBSD: udp_encap.c,v 1.8 2004/09/24 13:31:04 ho Exp $ */ /* * Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved. @@ -386,8 +386,12 @@ udp_encap_handle_message(struct transport *t) return; } - msg = message_alloc(t, buf + sizeof (u_int32_t), - n - sizeof (u_int32_t)); + /* NAT-Keepalive messages should not be processed further. */ + n -= sizeof(u_int32_t); + if (n == 1 && buf[sizeof(u_int32_t)] == 0xFF) + return; + + msg = message_alloc(t, buf + sizeof (u_int32_t), n); if (!msg) { log_error("failed to allocate message structure, dropping " "packet received on transport %p", u); |