[src/netbsd-3-0]: src/crypto/dist/ipsec-tools/src/racoon Apply patch (request...

[ghen <ghen%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/1322f9d317e9
branches:  netbsd-3-0
changeset: 579406:1322f9d317e9
user:      ghen <ghen%NetBSD.org@localhost>
date:      Fri Apr 13 09:23:22 2007 +0000

description:
Apply patch (requested by adrianp in ticket #1763):
        crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
Fix a denial of service vulnerability (CVE-2007-1841) which could allow an
attacker to disrupt a connection between IPSec peers.

diffstat:

 crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c |  10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diffs (26 lines):

diff -r 870ee72d7854 -r 1322f9d317e9 crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c   Thu Apr 05 21:18:26 2007 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c   Fri Apr 13 09:23:22 2007 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: isakmp_inf.c,v 1.1.1.3.2.7 2005/11/21 21:12:30 tron Exp $      */
+/*     $NetBSD: isakmp_inf.c,v 1.1.1.3.2.7.2.1 2007/04/13 09:23:22 ghen Exp $  */
 
 /* Id: isakmp_inf.c,v 1.14.4.9 2005/08/02 15:09:26 vanhu Exp */
 
@@ -269,12 +269,12 @@
 
        switch (np) {
        case ISAKMP_NPTYPE_N:
-               if (isakmp_info_recv_n(iph1, msg) < 0)
-                       goto end;
+               if ( encrypted )
+                       isakmp_info_recv_n(iph1, msg);
                break;
        case ISAKMP_NPTYPE_D:
-               if (isakmp_info_recv_d(iph1, msg) < 0)
-                       goto end;
+               if ( encrypted )
+                       isakmp_info_recv_d(iph1, msg);
                break;
        case ISAKMP_NPTYPE_NONCE:
                /* XXX to be 6.4.2 ike-01.txt */