diff options
author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1999-02-16 23:58:01 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1999-02-16 23:58:01 +0000 |
commit | 9aaef72cac4dc70f190d7c7f7ee557c164c7de60 (patch) | |
tree | 9784681e50d8b5ef9318c70273b8f35bbdf59856 /sys/netinet | |
parent | 190894c1454733d11ab6901e55eb0c60eb907609 (diff) |
Fix a padding check bug in the experimental-padding. iliya@ericom.com
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_esp_new.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c index accc829548d..c0c8e5fdd56 100644 --- a/sys/netinet/ip_esp_new.c +++ b/sys/netinet/ip_esp_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp_new.c,v 1.31 1999/02/12 00:46:10 deraadt Exp $ */ +/* $OpenBSD: ip_esp_new.c,v 1.32 1999/02/16 23:58:00 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -753,7 +753,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb) return NULL; } else - if (blk[blks - 2] != blk[blks - 3] + 1) + if ((blk[blks - 2] != 1) && (blk[blks - 2] != blk[blks - 3] + 1)) { DPRINTF(("esp_new_input(): decryption failed for packet from %x to %x, SA %x/%08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi))); m_freem(m); |