summaryrefslogtreecommitdiff
path: root/sys/netinet
diff options
context:
space:
mode:
authorAngelos D. Keromytis <angelos@cvs.openbsd.org>1999-02-16 23:58:01 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>1999-02-16 23:58:01 +0000
commit9aaef72cac4dc70f190d7c7f7ee557c164c7de60 (patch)
tree9784681e50d8b5ef9318c70273b8f35bbdf59856 /sys/netinet
parent190894c1454733d11ab6901e55eb0c60eb907609 (diff)
Fix a padding check bug in the experimental-padding. iliya@ericom.com
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_esp_new.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c
index accc829548d..c0c8e5fdd56 100644
--- a/sys/netinet/ip_esp_new.c
+++ b/sys/netinet/ip_esp_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp_new.c,v 1.31 1999/02/12 00:46:10 deraadt Exp $ */
+/* $OpenBSD: ip_esp_new.c,v 1.32 1999/02/16 23:58:00 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -753,7 +753,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
return NULL;
}
else
- if (blk[blks - 2] != blk[blks - 3] + 1)
+ if ((blk[blks - 2] != 1) && (blk[blks - 2] != blk[blks - 3] + 1))
{
DPRINTF(("esp_new_input(): decryption failed for packet from %x to %x, SA %x/%08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi)));
m_freem(m);