summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pfkeyv2_parsemessage.c991
1 files changed, 641 insertions, 350 deletions
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index aace2894136..a3a95f0a82d 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.26 2001/06/08 03:58:48 angelos Exp $ */
+/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.27 2001/07/01 07:32:37 angelos Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -76,6 +76,14 @@
#include <netinet/ip_ipsp.h>
#include <net/pfkeyv2.h>
+extern int encdebug;
+
+#ifdef ENCDEBUG
+#define DPRINTF(x) if (encdebug) printf x
+#else
+#define DPRINTF(x)
+#endif
+
#define BITMAP_SA (1 << SADB_EXT_SA)
#define BITMAP_LIFETIME_CURRENT (1 << SADB_EXT_LIFETIME_CURRENT)
#define BITMAP_LIFETIME_HARD (1 << SADB_EXT_LIFETIME_HARD)
@@ -264,389 +272,672 @@ int pfkeyv2_parsemessage(void *, int, void **);
int
pfkeyv2_parsemessage(void *p, int len, void **headers)
{
- struct sadb_ext *sadb_ext;
- int i, left = len;
- uint32_t allow, seen = 1;
- struct sadb_msg *sadb_msg = (struct sadb_msg *) p;
-
- bzero(headers, (SADB_EXT_MAX + 1) * sizeof(void *));
-
- if (left < sizeof(struct sadb_msg))
- return EINVAL;
-
- headers[0] = p;
-
- if (sadb_msg->sadb_msg_len * sizeof(uint64_t) != left)
- return EINVAL;
-
- p += sizeof(struct sadb_msg);
- left -= sizeof(struct sadb_msg);
-
- if (sadb_msg->sadb_msg_reserved)
- return EINVAL;
-
- if (sadb_msg->sadb_msg_type > SADB_MAX)
- return EINVAL;
-
- if (!sadb_msg->sadb_msg_type)
- return EINVAL;
-
- if (sadb_msg->sadb_msg_pid != curproc->p_pid)
- return EINVAL;
-
- if (sadb_msg->sadb_msg_errno) {
- if (left)
- return EINVAL;
-
- return 0;
- }
-
- if (sadb_msg->sadb_msg_type == SADB_X_PROMISC)
- return 0;
-
- allow = sadb_exts_allowed_in[sadb_msg->sadb_msg_type];
-
- while (left > 0) {
- sadb_ext = (struct sadb_ext *)p;
- if (left < sizeof(struct sadb_ext))
- return EINVAL;
-
- i = sadb_ext->sadb_ext_len * sizeof(uint64_t);
- if (left < i)
- return EINVAL;
-
- if (sadb_ext->sadb_ext_type > SADB_EXT_MAX)
- return EINVAL;
-
- if (!sadb_ext->sadb_ext_type)
- return EINVAL;
-
- if (!(allow & (1 << sadb_ext->sadb_ext_type)))
- return EINVAL;
-
- if (headers[sadb_ext->sadb_ext_type])
- return EINVAL;
-
- seen |= (1 << sadb_ext->sadb_ext_type);
-
- switch (sadb_ext->sadb_ext_type) {
- case SADB_EXT_SA:
- case SADB_X_EXT_SA2:
- {
- struct sadb_sa *sadb_sa = (struct sadb_sa *)p;
+ struct sadb_ext *sadb_ext;
+ int i, left = len;
+ uint32_t allow, seen = 1;
+ struct sadb_msg *sadb_msg = (struct sadb_msg *) p;
- if (i != sizeof(struct sadb_sa))
- return EINVAL;
+ bzero(headers, (SADB_EXT_MAX + 1) * sizeof(void *));
- if (sadb_sa->sadb_sa_state > SADB_SASTATE_MAX)
- return EINVAL;
-
- if (sadb_sa->sadb_sa_state == SADB_SASTATE_DEAD)
- return EINVAL;
-
- if (sadb_sa->sadb_sa_encrypt > SADB_EALG_MAX)
- return EINVAL;
-
- if (sadb_sa->sadb_sa_auth > SADB_AALG_MAX)
- return EINVAL;
-
- if (sadb_sa->sadb_sa_replay > 32)
- return EINVAL;
- }
- break;
- case SADB_X_EXT_PROTOCOL:
- case SADB_X_EXT_FLOW_TYPE:
- if (i != sizeof(struct sadb_protocol))
- return EINVAL;
- break;
- case SADB_X_EXT_POLICY:
- if (i != sizeof(struct sadb_x_policy))
- return EINVAL;
- break;
- case SADB_EXT_LIFETIME_CURRENT:
- case SADB_EXT_LIFETIME_HARD:
- case SADB_EXT_LIFETIME_SOFT:
- {
- if (i != sizeof(struct sadb_lifetime))
- return EINVAL;
+ if (left < sizeof(struct sadb_msg)) {
+ DPRINTF(("pfkeyv2_parsemessage: message too short\n"));
+ return EINVAL;
}
- break;
- case SADB_EXT_ADDRESS_SRC:
- case SADB_EXT_ADDRESS_DST:
- case SADB_X_EXT_SRC_MASK:
- case SADB_X_EXT_DST_MASK:
- case SADB_X_EXT_SRC_FLOW:
- case SADB_X_EXT_DST_FLOW:
- case SADB_X_EXT_DST2:
- case SADB_EXT_ADDRESS_PROXY:
- {
- struct sadb_address *sadb_address = (struct sadb_address *)p;
- struct sockaddr *sa = (struct sockaddr *)(p + sizeof(struct sadb_address));
- if (i < sizeof(struct sadb_address) + sizeof(struct sockaddr))
- return EINVAL;
+ headers[0] = p;
- if (sadb_address->sadb_address_reserved)
- return EINVAL;
+ if (sadb_msg->sadb_msg_len * sizeof(uint64_t) != left) {
+ DPRINTF(("pfkeyv2_parsemessage: length not a multiple of 64\n"));
+ return EINVAL;
+ }
-#if SALEN
- if (sa->sa_len && (i != sizeof(struct sadb_address) + sa->sa_len))
- return EINVAL;
-#endif /* SALEN */
+ p += sizeof(struct sadb_msg);
+ left -= sizeof(struct sadb_msg);
- switch(sa->sa_family) {
- case AF_INET:
- if (sizeof(struct sadb_address) + sizeof(struct sockaddr_in)
- != i)
- return EINVAL;
-#if SALEN
- if (sa->sa_len != sizeof(struct sockaddr_in))
- return EINVAL;
-#endif /* SALEN */
-
- /* Only check the right pieces */
- switch (sadb_ext->sadb_ext_type)
- {
- case SADB_X_EXT_SRC_MASK:
- case SADB_X_EXT_DST_MASK:
- case SADB_X_EXT_SRC_FLOW:
- case SADB_X_EXT_DST_FLOW:
- break;
-
- default:
- if (((struct sockaddr_in *)sa)->sin_port)
- return EINVAL;
- break;
- }
-
- {
- char zero[sizeof(((struct sockaddr_in *)sa)->sin_zero)];
- bzero(zero, sizeof(zero));
-
- if (bcmp(&((struct sockaddr_in *)sa)->sin_zero, zero,
- sizeof(zero)))
- return EINVAL;
- }
- break;
-#if INET6
- case AF_INET6:
- if (i != sizeof(struct sadb_address) +
- sizeof(struct sockaddr_in6) + 4)
+ if (sadb_msg->sadb_msg_reserved) {
+ DPRINTF(("pfkeyv2_parsemessage: message header reserved "
+ "field set\n"));
return EINVAL;
+ }
- if (sa->sa_len != sizeof(struct sockaddr_in6))
+ if (sadb_msg->sadb_msg_type > SADB_MAX) {
+ DPRINTF(("pfkeyv2_parsemessage: message type > %d\n",
+ SADB_MAX));
return EINVAL;
+ }
- if (((struct sockaddr_in6 *)sa)->sin6_flowinfo)
+ if (!sadb_msg->sadb_msg_type) {
+ DPRINTF(("pfkeyv2_parsemessage: message type unset\n"));
return EINVAL;
-
- break;
-#endif /* INET6 */
- default:
- return EINVAL;
- }
}
- break;
- case SADB_EXT_KEY_AUTH:
- case SADB_EXT_KEY_ENCRYPT:
- {
- struct sadb_key *sadb_key = (struct sadb_key *)p;
-
- if (i < sizeof(struct sadb_key))
- return EINVAL;
- if (!sadb_key->sadb_key_bits)
- return EINVAL;
-
- if (((sadb_key->sadb_key_bits + 63) / 64) * sizeof(uint64_t) !=
- i - sizeof(struct sadb_key))
- return EINVAL;
-
- if (sadb_key->sadb_key_reserved)
- return EINVAL;
+ if (sadb_msg->sadb_msg_pid != curproc->p_pid) {
+ DPRINTF(("pfkeyv2_parsemessage: bad PID value\n"));
+ return EINVAL;
}
- break;
- case SADB_X_EXT_LOCAL_AUTH:
- case SADB_X_EXT_REMOTE_AUTH:
- {
- struct sadb_x_cred *sadb_cred = (struct sadb_x_cred *)p;
- if (i < sizeof(struct sadb_x_cred))
- return EINVAL;
-
- if (sadb_cred->sadb_x_cred_type > SADB_X_AUTHTYPE_MAX)
- return EINVAL;
-
- if (sadb_cred->sadb_x_cred_reserved)
- return EINVAL;
+ if (sadb_msg->sadb_msg_errno) {
+ if (left) {
+ DPRINTF(("pfkeyv2_parsemessage: too-large error message\n"));
+ return EINVAL;
+ }
+ return 0;
}
- break;
- case SADB_X_EXT_LOCAL_CREDENTIALS:
- case SADB_X_EXT_REMOTE_CREDENTIALS:
- {
- struct sadb_x_cred *sadb_cred = (struct sadb_x_cred *)p;
-
- if (i < sizeof(struct sadb_x_cred))
- return EINVAL;
-
- if (sadb_cred->sadb_x_cred_type > SADB_X_CREDTYPE_MAX)
- return EINVAL;
- if (sadb_cred->sadb_x_cred_reserved)
- return EINVAL;
+ if (sadb_msg->sadb_msg_type == SADB_X_PROMISC) {
+ DPRINTF(("pfkeyv2_parsemessage: message type promiscuous\n"));
+ return 0;
}
- break;
- case SADB_EXT_IDENTITY_SRC:
- case SADB_EXT_IDENTITY_DST:
- {
- struct sadb_ident *sadb_ident = (struct sadb_ident *)p;
-
- if (i < sizeof(struct sadb_ident))
- return EINVAL;
-
- if (sadb_ident->sadb_ident_type > SADB_IDENTTYPE_MAX)
- return EINVAL;
- if (sadb_ident->sadb_ident_reserved)
- return EINVAL;
+ allow = sadb_exts_allowed_in[sadb_msg->sadb_msg_type];
- if (i > sizeof(struct sadb_ident)) {
- char *c = (char *)(p + sizeof(struct sadb_ident));
- int j;
+ while (left > 0) {
+ sadb_ext = (struct sadb_ext *)p;
+ if (left < sizeof(struct sadb_ext)) {
+ DPRINTF(("pfkeyv2_parsemessage: extension header too "
+ "short\n"));
+ return EINVAL;
+ }
- if (*(char *)(p + i - 1))
- return EINVAL;
+ i = sadb_ext->sadb_ext_len * sizeof(uint64_t);
+ if (left < i) {
+ DPRINTF(("pfkeyv2_parsemessage: extension header "
+ "exceeds message length\n"));
+ return EINVAL;
+ }
- j = ((strlen(c) + sizeof(uint64_t)) & ~(sizeof(uint64_t)-1)) +
- sizeof(struct sadb_ident);
+ if (sadb_ext->sadb_ext_type > SADB_EXT_MAX) {
+ DPRINTF(("pfkeyv2_parsemessage: unknown extension "
+ "header %d\n", sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
- if (i != j)
- return EINVAL;
- }
- }
- break;
- case SADB_EXT_SENSITIVITY:
- {
- struct sadb_sens *sadb_sens = (struct sadb_sens *)p;
+ if (!sadb_ext->sadb_ext_type) {
+ DPRINTF(("pfkeyv2_parsemessage: unset extension "
+ "header\n"));
+ return EINVAL;
+ }
- if (i < sizeof(struct sadb_sens))
- return EINVAL;
+ if (!(allow & (1 << sadb_ext->sadb_ext_type))) {
+ DPRINTF(("pfkeyv2_parsemessage: extension header %d "
+ "not permitted on message type %d\n",
+ sadb_ext->sadb_ext_type, sadb_msg->sadb_msg_type));
+ return EINVAL;
+ }
- if (i != (sadb_sens->sadb_sens_sens_len +
- sadb_sens->sadb_sens_integ_len) * sizeof(uint64_t) +
- sizeof(struct sadb_sens))
- return EINVAL;
+ if (headers[sadb_ext->sadb_ext_type]) {
+ DPRINTF(("pfkeyv2_parsemessage: duplicate extension "
+ "header %d\n", sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ seen |= (1 << sadb_ext->sadb_ext_type);
+
+ switch (sadb_ext->sadb_ext_type) {
+ case SADB_EXT_SA:
+ case SADB_X_EXT_SA2:
+ {
+ struct sadb_sa *sadb_sa = (struct sadb_sa *)p;
+
+ if (i != sizeof(struct sadb_sa)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad header "
+ "length for SA extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_sa->sadb_sa_state > SADB_SASTATE_MAX) {
+ DPRINTF(("pfkeyv2_parsemessage: unknown SA "
+ "state %d in SA extension header %d\n",
+ sadb_sa->sadb_sa_state,
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_sa->sadb_sa_state == SADB_SASTATE_DEAD) {
+ DPRINTF(("pfkeyv2_parsemessage: cannot set SA "
+ "state to dead, SA extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_sa->sadb_sa_encrypt > SADB_EALG_MAX) {
+ DPRINTF(("pfkeyv2_parsemessage: unknown "
+ "encryption algorithm %d in SA extension "
+ "header %d\n", sadb_sa->sadb_sa_encrypt,
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_sa->sadb_sa_auth > SADB_AALG_MAX) {
+ DPRINTF(("pfkeyv2_parsemessage: unknown "
+ "authentication algorithm %d in SA "
+ "extension header %d\n",
+ sadb_sa->sadb_sa_auth,
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_sa->sadb_sa_replay > 32) {
+ DPRINTF(("pfkeyv2_parsemessage: unsupported "
+ "replay window size %d in SA extension "
+ "header %d\n", sadb_sa->sadb_sa_replay,
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+ }
+ break;
+ case SADB_X_EXT_PROTOCOL:
+ case SADB_X_EXT_FLOW_TYPE:
+ if (i != sizeof(struct sadb_protocol)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad "
+ "PROTOCOL/FLOW header length in extension "
+ "header %d\n", sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+ break;
+ case SADB_X_EXT_POLICY:
+ if (i != sizeof(struct sadb_x_policy)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad POLICY "
+ "header length\n"));
+ return EINVAL;
+ }
+ break;
+ case SADB_EXT_LIFETIME_CURRENT:
+ case SADB_EXT_LIFETIME_HARD:
+ case SADB_EXT_LIFETIME_SOFT:
+ if (i != sizeof(struct sadb_lifetime)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad header "
+ "length for LIFETIME extension header "
+ "%d\n", sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+ break;
+ case SADB_EXT_ADDRESS_SRC:
+ case SADB_EXT_ADDRESS_DST:
+ case SADB_X_EXT_SRC_MASK:
+ case SADB_X_EXT_DST_MASK:
+ case SADB_X_EXT_SRC_FLOW:
+ case SADB_X_EXT_DST_FLOW:
+ case SADB_X_EXT_DST2:
+ case SADB_EXT_ADDRESS_PROXY:
+ {
+ struct sadb_address *sadb_address =
+ (struct sadb_address *)p;
+ struct sockaddr *sa = (struct sockaddr *)(p +
+ sizeof(struct sadb_address));
+
+ if (i < sizeof(struct sadb_address) +
+ sizeof(struct sockaddr)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad ADDRESS "
+ "extension header %d length\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_address->sadb_address_reserved) {
+ DPRINTF(("pfkeyv2_parsemessage: ADDRESS "
+ "extension header %d reserved field set\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+ if (sa->sa_len &&
+ (i != sizeof(struct sadb_address) + sa->sa_len)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad sockaddr "
+ "length field in ADDRESS extension "
+ "header %d\n", sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ switch(sa->sa_family) {
+ case AF_INET:
+ if (sizeof(struct sadb_address) +
+ sizeof(struct sockaddr_in) != i) {
+ DPRINTF(("pfkeyv2_parsemessage: "
+ "invalid ADDRESS extension header "
+ "%d length\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sa->sa_len != sizeof(struct sockaddr_in)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad "
+ "sockaddr_in length in ADDRESS "
+ "extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ /* Only check the right pieces */
+ switch (sadb_ext->sadb_ext_type)
+ {
+ case SADB_X_EXT_SRC_MASK:
+ case SADB_X_EXT_DST_MASK:
+ case SADB_X_EXT_SRC_FLOW:
+ case SADB_X_EXT_DST_FLOW:
+ break;
+
+ default:
+ if (((struct sockaddr_in *)sa)->sin_port) {
+ DPRINTF(("pfkeyv2_parsemessage"
+ ": port field set in "
+ "sockaddr_in of ADDRESS "
+ "extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+ break;
+ }
+
+ {
+ char zero[sizeof(((struct sockaddr_in *)sa)->sin_zero)];
+ bzero(zero, sizeof(zero));
+
+ if (bcmp(&((struct sockaddr_in *)sa)->sin_zero, zero, sizeof(zero))) {
+ DPRINTF(("pfkeyv2_parsemessage"
+ ": reserved sockaddr_in "
+ "field non-zero'ed in "
+ "ADDRESS extension header "
+ "%d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+ }
+ break;
+#if INET6
+ case AF_INET6:
+ if (i != sizeof(struct sadb_address) +
+ sizeof(struct sockaddr_in6) + 4) {
+ DPRINTF(("pfkeyv2_parsemessage: "
+ "invalid sockaddr_in6 length in "
+ "ADDRESS extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sa->sa_len !=
+ sizeof(struct sockaddr_in6)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad "
+ "sockaddr_in6 length in ADDRESS "
+ "extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (((struct sockaddr_in6 *)sa)->sin6_flowinfo) {
+ DPRINTF(("pfkeyv2_parsemessage: "
+ "flowinfo field set in "
+ "sockaddr_in6 of ADDRESS "
+ "extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+ break;
+#endif /* INET6 */
+ default:
+ DPRINTF(("pfkeyv2_parsemessage: unknown "
+ "address family %d in ADDRESS extension "
+ "header %d\n",
+ sa->sa_family, sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+ }
+ break;
+ case SADB_EXT_KEY_AUTH:
+ case SADB_EXT_KEY_ENCRYPT:
+ {
+ struct sadb_key *sadb_key = (struct sadb_key *)p;
+
+ if (i < sizeof(struct sadb_key)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad header "
+ "length in KEY extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (!sadb_key->sadb_key_bits) {
+ DPRINTF(("pfkeyv2_parsemessage: key length "
+ "unset in KEY extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (((sadb_key->sadb_key_bits + 63) / 64) * sizeof(uint64_t) != i - sizeof(struct sadb_key)) {
+ DPRINTF(("pfkeyv2_parsemessage: invalid key "
+ "length in KEY extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_key->sadb_key_reserved) {
+ DPRINTF(("pfkeyv2_parsemessage: reserved field"
+ " set in KEY extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+ }
+ break;
+ case SADB_X_EXT_LOCAL_AUTH:
+ case SADB_X_EXT_REMOTE_AUTH:
+ {
+ struct sadb_x_cred *sadb_cred =
+ (struct sadb_x_cred *)p;
+
+ if (i < sizeof(struct sadb_x_cred)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad header "
+ "length for AUTH extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_cred->sadb_x_cred_type > SADB_X_AUTHTYPE_MAX) {
+ DPRINTF(("pfkeyv2_parsemessage: unknown auth "
+ "type %d in AUTH extension header %d\n",
+ sadb_cred->sadb_x_cred_type,
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_cred->sadb_x_cred_reserved) {
+ DPRINTF(("pfkeyv2_parsemessage: reserved field"
+ " set in AUTH extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+ }
+ break;
+ case SADB_X_EXT_LOCAL_CREDENTIALS:
+ case SADB_X_EXT_REMOTE_CREDENTIALS:
+ {
+ struct sadb_x_cred *sadb_cred =
+ (struct sadb_x_cred *)p;
+
+ if (i < sizeof(struct sadb_x_cred)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad header "
+ "length of CREDENTIALS extension header "
+ "%d\n", sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_cred->sadb_x_cred_type > SADB_X_CREDTYPE_MAX) {
+ DPRINTF(("pfkeyv2_parsemessage: unknown "
+ "credential type %d in CREDENTIALS "
+ "extension header %d\n",
+ sadb_cred->sadb_x_cred_type,
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_cred->sadb_x_cred_reserved) {
+ DPRINTF(("pfkeyv2_parsemessage: reserved "
+ "field set in CREDENTIALS extension "
+ "header %d\n", sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+ }
+ break;
+ case SADB_EXT_IDENTITY_SRC:
+ case SADB_EXT_IDENTITY_DST:
+ {
+ struct sadb_ident *sadb_ident = (struct sadb_ident *)p;
+
+ if (i < sizeof(struct sadb_ident)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad header "
+ "length of IDENTITY extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) {
+ DPRINTF(("pfkeyv2_parsemessage: unknown "
+ "identity type %d in IDENTITY extension "
+ "header %d\n",
+ sadb_ident->sadb_ident_type,
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_ident->sadb_ident_reserved) {
+ DPRINTF(("pfkeyv2_parsemessage: reserved "
+ "field set in IDENTITY extension header "
+ "%d\n", sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (i > sizeof(struct sadb_ident)) {
+ char *c =
+ (char *)(p + sizeof(struct sadb_ident));
+ int j;
+
+ if (*(char *)(p + i - 1)) {
+ DPRINTF(("pfkeyv2_parsemessage: non "
+ "NUL-terminated identity in "
+ "IDENTITY extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ j = ((strlen(c) + sizeof(uint64_t)) &
+ ~(sizeof(uint64_t)-1)) +
+ sizeof(struct sadb_ident);
+
+ if (i != j) {
+ DPRINTF(("pfkeyv2_parsemessage: actual"
+ "identity length does not match "
+ "expected length in identity "
+ "extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+ }
+ }
+ break;
+ case SADB_EXT_SENSITIVITY:
+ {
+ struct sadb_sens *sadb_sens = (struct sadb_sens *)p;
+
+ if (i < sizeof(struct sadb_sens)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad header "
+ "length for SENSITIVITY extension "
+ "header\n"));
+ return EINVAL;
+ }
+
+ if (i != (sadb_sens->sadb_sens_sens_len +
+ sadb_sens->sadb_sens_integ_len) *
+ sizeof(uint64_t) +
+ sizeof(struct sadb_sens)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad payload "
+ "length for SENSITIVITY extension "
+ "header\n"));
+ return EINVAL;
+ }
+ }
+ break;
+ case SADB_EXT_PROPOSAL:
+ {
+ struct sadb_prop *sadb_prop = (struct sadb_prop *)p;
+
+ if (i < sizeof(struct sadb_prop)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad PROPOSAL "
+ "header length\n"));
+ return EINVAL;
+ }
+
+ if (sadb_prop->sadb_prop_reserved) {
+ DPRINTF(("pfkeyv2_parsemessage: reserved field"
+ "set in PROPOSAL extension header\n"));
+ return EINVAL;
+ }
+
+ if ((i - sizeof(struct sadb_prop)) %
+ sizeof(struct sadb_comb)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad proposal "
+ "length\n"));
+ return EINVAL;
+ }
+
+ {
+ struct sadb_comb *sadb_comb =
+ (struct sadb_comb *)(p +
+ sizeof(struct sadb_prop));
+ int j;
+
+ for (j = 0;
+ j < (i - sizeof(struct sadb_prop))/sizeof(struct sadb_comb);
+ j++) {
+ if (sadb_comb->sadb_comb_auth >
+ SADB_AALG_MAX) {
+ DPRINTF(("pfkeyv2_parsemessage"
+ ": unknown authentication "
+ "algorithm %d in "
+ "PROPOSAL\n",
+ sadb_comb->sadb_comb_auth));
+ return EINVAL;
+ }
+
+ if (sadb_comb->sadb_comb_encrypt >
+ SADB_EALG_MAX) {
+ DPRINTF(("pfkeyv2_parsemessage"
+ ": unknown encryption "
+ "algorithm %d in "
+ "PROPOSAL\n",
+ sadb_comb->sadb_comb_encrypt));
+ return EINVAL;
+ }
+
+ if (sadb_comb->sadb_comb_reserved) {
+ DPRINTF(("pfkeyv2_parsemessage"
+ ": reserved field set in "
+ "COMB header\n"));
+ return EINVAL;
+ }
+ }
+ }
+ }
+ break;
+ case SADB_EXT_SUPPORTED_AUTH:
+ case SADB_EXT_SUPPORTED_ENCRYPT:
+ {
+ struct sadb_supported *sadb_supported =
+ (struct sadb_supported *)p;
+ int j;
+
+ if (i < sizeof(struct sadb_supported)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad header "
+ "length for SUPPORTED extension header "
+ "%d\n", sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_supported->sadb_supported_reserved) {
+ DPRINTF(("pfkeyv2_parsemessage: reserved "
+ "field set in SUPPORTED extension "
+ "header %d\n", sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ {
+ struct sadb_alg *sadb_alg =
+ (struct sadb_alg *)(p +
+ sizeof(struct sadb_supported));
+ int max_alg;
+
+ max_alg = sadb_ext->sadb_ext_type == SADB_EXT_SUPPORTED_AUTH ?
+ SADB_AALG_MAX : SADB_EALG_MAX;
+
+ for (j = 0; j < sadb_supported->sadb_supported_len - 1; j++) {
+ if (sadb_alg->sadb_alg_id > max_alg) {
+ DPRINTF(("pfkeyv2_parsemessage"
+ ": unknown algorithm %d "
+ "in SUPPORTED extension "
+ "header %d\n",
+ sadb_alg->sadb_alg_id,
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ if (sadb_alg->sadb_alg_reserved) {
+ DPRINTF(("pfkeyv2_parsemessage"
+ ": reserved field set in "
+ "supported algorithms "
+ "header inside SUPPORTED "
+ "extension header %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ sadb_alg++;
+ }
+ }
+ }
+ break;
+ case SADB_EXT_SPIRANGE:
+ {
+ struct sadb_spirange *sadb_spirange =
+ (struct sadb_spirange *)p;
+
+ if (i != sizeof(struct sadb_spirange)) {
+ DPRINTF(("pfkeyv2_parsemessage: bad header "
+ "length of SPIRANGE extension header\n"));
+ return EINVAL;
+ }
+
+ if (sadb_spirange->sadb_spirange_min >
+ sadb_spirange->sadb_spirange_max) {
+ DPRINTF(("pfkeyv2_parsemessage: bad SPI "
+ "range\n"));
+ return EINVAL;
+ }
+ }
+ break;
+ default:
+ DPRINTF(("pfkeyv2_parsemessage: unknown extension "
+ "header type %d\n",
+ sadb_ext->sadb_ext_type));
+ return EINVAL;
+ }
+
+ headers[sadb_ext->sadb_ext_type] = p;
+ p += i;
+ left -= i;
}
- break;
- case SADB_EXT_PROPOSAL:
- {
- struct sadb_prop *sadb_prop = (struct sadb_prop *)p;
-
- if (i < sizeof(struct sadb_prop))
- return EINVAL;
- if (sadb_prop->sadb_prop_reserved)
- return EINVAL;
-
- if ((i - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb))
- return EINVAL;
-
- {
- struct sadb_comb *sadb_comb = (struct sadb_comb *)(p + sizeof(struct sadb_prop));
- int j;
-
- for (j = 0;
- j < (i - sizeof(struct sadb_prop))/sizeof(struct sadb_comb);
- j++) {
- if (sadb_comb->sadb_comb_auth > SADB_AALG_MAX)
- return EINVAL;
-
- if (sadb_comb->sadb_comb_encrypt > SADB_EALG_MAX)
- return EINVAL;
-
- if (sadb_comb->sadb_comb_reserved)
+ if (left) {
+ DPRINTF(("pfkeyv2_parsemessage: message too long\n"));
return EINVAL;
-
- }
- }
}
- break;
- case SADB_EXT_SUPPORTED_AUTH:
- case SADB_EXT_SUPPORTED_ENCRYPT:
- {
- struct sadb_supported *sadb_supported = (struct sadb_supported *)p;
- int j;
-
- if (i < sizeof(struct sadb_supported))
- return EINVAL;
-
- if (sadb_supported->sadb_supported_reserved)
- return EINVAL;
-
- {
- struct sadb_alg *sadb_alg = (struct sadb_alg *)(p + sizeof(struct sadb_supported));
- int max_alg;
- max_alg = sadb_ext->sadb_ext_type == SADB_EXT_SUPPORTED_AUTH ?
- SADB_AALG_MAX : SADB_EALG_MAX;
-
- for (j = 0; j < sadb_supported->sadb_supported_len - 1; j++) {
- if (sadb_alg->sadb_alg_id > max_alg)
- return EINVAL;
+ {
+ uint32_t required;
- if (sadb_alg->sadb_alg_reserved)
- return EINVAL;
+ required = sadb_exts_required_in[sadb_msg->sadb_msg_type];
- sadb_alg++;
- }
- }
+ if ((seen & required) != required) {
+ DPRINTF(("pfkeyv2_parsemessage: required fields "
+ "missing\n"));
+ return EINVAL;
+ }
}
- break;
- case SADB_EXT_SPIRANGE:
- {
- struct sadb_spirange *sadb_spirange = (struct sadb_spirange *)p;
- if (i != sizeof(struct sadb_spirange))
- return EINVAL;
-
- if (sadb_spirange->sadb_spirange_min >
- sadb_spirange->sadb_spirange_max)
- return EINVAL;
+ switch(((struct sadb_msg *)headers[0])->sadb_msg_type) {
+ case SADB_UPDATE:
+ if (((struct sadb_sa *)headers[SADB_EXT_SA])->sadb_sa_state !=
+ SADB_SASTATE_MATURE) {
+ DPRINTF(("pfkeyv2_parsemessage: updating non-mature "
+ "SA prohibited\n"));
+ return EINVAL;
+ }
+ break;
+ case SADB_ADD:
+ if (((struct sadb_sa *)headers[SADB_EXT_SA])->sadb_sa_state !=
+ SADB_SASTATE_MATURE) {
+ DPRINTF(("pfkeyv2_parsemessage: adding non-mature "
+ "SA prohibited\n"));
+ return EINVAL;
+ }
+ break;
}
- break;
- default:
- return EINVAL;
- }
-
- headers[sadb_ext->sadb_ext_type] = p;
- p += i;
- left -= i;
- }
-
- if (left)
- return EINVAL;
-
- {
- uint32_t required;
-
- required = sadb_exts_required_in[sadb_msg->sadb_msg_type];
-
- if ((seen & required) != required)
- return EINVAL;
- }
-
- switch(((struct sadb_msg *)headers[0])->sadb_msg_type) {
- case SADB_UPDATE:
- if (((struct sadb_sa *)headers[SADB_EXT_SA])->sadb_sa_state !=
- SADB_SASTATE_MATURE)
- return EINVAL;
- break;
- case SADB_ADD:
- if (((struct sadb_sa *)headers[SADB_EXT_SA])->sadb_sa_state !=
- SADB_SASTATE_MATURE)
- return EINVAL;
- break;
- }
-
- return 0;
+
+ return 0;
}