author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-07-04 22:16:34 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-07-04 22:16:34 +0000 |
commit | ecd04a7a56b1d2c1c164bffa6c41cd08408b8345 (patch) | |
tree | bf1c97f821309c05c95ed8a1c07ae8376a5a25e7 /sbin | |
parent | 71dc491d6beab08026615a9c3f86406185aea6ec (diff) |
Better handling of Key IDs.
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/isakmpd.policy.5 | 6 | ||||
-rw-r--r-- | sbin/isakmpd/policy.c | 37 |
2 files changed, 39 insertions, 4 deletions
diff --git a/sbin/isakmpd/isakmpd.policy.5 b/sbin/isakmpd/isakmpd.policy.5 index 33c02eea0cc..5ee66b6fe28 100644 --- a/sbin/isakmpd/isakmpd.policy.5 +++ b/sbin/isakmpd/isakmpd.policy.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.policy.5,v 1.19 2001/06/25 04:04:19 angelos Exp $ +.\" $OpenBSD: isakmpd.policy.5,v 1.20 2001/07/04 22:16:33 angelos Exp $ .\" $EOM: isakmpd.policy.5,v 1.24 2000/11/23 12:55:25 niklas Exp $ .\" .\" Copyright (c) 1999-2001, Angelos D. Keromytis. All rights reserved. @@ -461,7 +461,9 @@ space separated by a dash ('-') character (if the type specifies a single address, they are set to that address). For FQDN and User FQDN types, these are set to the respective string. For Key ID, these are set to the hexadecimal representation of the -associated byte string (lower-case letters used). +associated byte string (lower-case letters used) if the Key ID payload +contains non-printable characters. +Otherwise, they are set to the respective string. .It remote_filter_port, local_filter_port, remote_id_port Set to the transport protocol port. .It remote_filter_proto, local_filter_proto, remote_id_proto diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c index 9989bfaa95a..fe7c3211793 100644 --- a/sbin/isakmpd/policy.c +++ b/sbin/isakmpd/policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.40 2001/07/03 23:39:01 angelos Exp $ */ +/* $OpenBSD: policy.c,v 1.41 2001/07/04 22:16:32 angelos Exp $ */ /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */ /* 
@@ -901,6 +901,17 @@ policy_callback (char *name)
 sizeof (char));
 goto bad;
 }
+ /* Does it contain any non-printable characters ? */
+ for (i = 0; i < id_sz - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ; i++)
+ if (!isprint (*(id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ + i)))
+ break;
+ if (i >= id_sz - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ)
+ {
+ memcpy (remote_id, id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ,
+ id_sz - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ);
+ break;
+ }
+ /* Non-printable characters, convert to hex */
 for (i = 0; i < id_sz - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ; i++)
 {
 remote_id[2 * i]
@@ -1167,6 +1178,17 @@ policy_callback (char *name)
 sizeof (char));
 goto bad;
 }
+ /* Does it contain any non-printable characters ? */
+ for (i = 0; i < idremotesz - ISAKMP_ID_DATA_OFF; i++)
+ if (!isprint (*(idremote + ISAKMP_ID_DATA_OFF + i)))
+ break;
+ if (i >= idremotesz - ISAKMP_ID_DATA_OFF)
+ {
+ memcpy (remote_filter, idremote + ISAKMP_ID_DATA_OFF,
+ idremotesz - ISAKMP_ID_DATA_OFF);
+ break;
+ }
+ /* Non-printable characters, convert to hex */
 for (i = 0; i < idremotesz - ISAKMP_ID_DATA_OFF; i++)
 {
 remote_filter[2 * i]
@@ -1451,7 +1473,18 @@ policy_callback (char *name)
 sizeof (char));
 goto bad;
 }
- for (i = 0; i < idremotesz - ISAKMP_ID_DATA_OFF; i++)
+ /* Does it contain any non-printable characters ? */
+ for (i = 0; i < idlocalsz - ISAKMP_ID_DATA_OFF; i++)
+ if (!isprint (*(idlocal + ISAKMP_ID_DATA_OFF + i)))
+ break;
+ if (i >= idlocalsz - ISAKMP_ID_DATA_OFF)
+ {
+ memcpy (local_filter, idlocal + ISAKMP_ID_DATA_OFF,
+ idlocalsz - ISAKMP_ID_DATA_OFF);
+ break;
+ }
+ /* Non-printable characters, convert to hex */
+ for (i = 0; i < idlocalsz - ISAKMP_ID_DATA_OFF; i++)
 {
 local_filter[2 * i]
 = hextab[*(idlocal + ISAKMP_ID_DATA_OFF) >> 4]; |
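Review bot: With the verbatim-copy branch added in the hunk at `@@ -901`, the `remote_id` string for a Key ID is no longer an unambiguous encoding of the payload. As a constructed example, a payload holding the four ASCII characters `0102` and a payload holding the two bytes 0x01 0x02 both produce the attribute value `0102`, so a policy condition written against the hex form of one identity also matches a different, printable one. The same holds for `remote_filter` and `local_filter` in the hunks at `@@ -1167` and `@@ -1451`. Because these attributes feed the policy decision, I would either expose the two forms under distinguishable values or at minimum record the caveat where the copy is made, e.g. `/* NB: verbatim copy; result may coincide with the hex form of another Key ID */`, and repeat it in isakmpd.policy.5. The enclosing switch case begins and ends outside the hunk.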
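Review bot: The printable check, verbatim copy and hex loop now exist as three pasted copies (hunks `@@ -901`, `@@ -1167`, `@@ -1451`) that differ only in destination, source pointer and length, and the last hunk of this same commit has to correct `idremotesz` to `idlocalsz` in one of them, which is exactly the slip this duplication invites. A single static helper would keep the identity strings that policy evaluation sees consistent across the three sites, with each case reduced to one call followed by `break;`. The sketch assumes the destination is the zero-filled buffer of 2 * len + 1 bytes allocated just above each hunk, which is outside the visible lines; the helper name is only a suggestion.

```c
/* Suggested helper: render a Key ID payload into dst, which must hold
   2 * len + 1 zero-filled bytes. */
static void
keyid_to_string (char *dst, const unsigned char *src, size_t len)
{
  size_t i;

  /* Printable payloads are copied verbatim. */
  for (i = 0; i < len; i++)
    if (!isprint (src[i]))
      break;
  if (i >= len)
    {
      memcpy (dst, src, len);
      return;
    }

  /* Otherwise emit lower-case hex, two characters per byte. */
  for (i = 0; i < len; i++)
    {
      dst[2 * i] = hextab[src[i] >> 4];
      dst[2 * i + 1] = hextab[src[i] & 0xF];
    }
}

/* ... unchanged: allocation and failure check for remote_filter ... */
keyid_to_string (remote_filter, idremote + ISAKMP_ID_DATA_OFF,
                 idremotesz - ISAKMP_ID_DATA_OFF);
break;
```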
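Review bot: In the hunk at `@@ -1451` the hex fallback still reads `*(idlocal + ISAKMP_ID_DATA_OFF)` with no `+ i` on the context line `= hextab[*(idlocal + ISAKMP_ID_DATA_OFF) >> 4];`, while the new isprint loop just above it does index with `+ i`. As shown, at least the high-nibble digit of every output pair comes from the first payload byte. Non-printable local Key IDs that differ only in later bytes would then become harder, or impossible, for policy to tell apart. The line should read `= hextab[*(idlocal + ISAKMP_ID_DATA_OFF + i) >> 4];`. The low-nibble assignment and the corresponding lines for `remote_id` and `remote_filter` lie outside the visible hunks and are worth checking for the same omission.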