Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-2-0]: src/crypto/dist/kame/racoon Apply patch (requested by adria...
details: https://anonhg.NetBSD.org/src/rev/c0c42ba233c8
branches: netbsd-2-0
changeset: 564940:c0c42ba233c8
user: tron <tron%NetBSD.org@localhost>
date: Thu Jan 19 21:38:27 2006 +0000
description:
Apply patch (requested by adrianp in ticket #10224):
Fix denial of service vulnerabilityin racoon(8).
diffstat:
crypto/dist/kame/racoon/isakmp_agg.c | 14 +++++++++++---
1 files changed, 11 insertions(+), 3 deletions(-)
diffs (38 lines):
diff -r 79cf1e3eeff1 -r c0c42ba233c8 crypto/dist/kame/racoon/isakmp_agg.c
--- a/crypto/dist/kame/racoon/isakmp_agg.c Thu Jan 19 21:35:54 2006 +0000
+++ b/crypto/dist/kame/racoon/isakmp_agg.c Thu Jan 19 21:38:27 2006 +0000
@@ -32,7 +32,7 @@
/* Aggressive Exchange (Aggressive Mode) */
#include <sys/cdefs.h>
-__RCSID("$NetBSD: isakmp_agg.c,v 1.2.2.1 2004/06/17 12:38:10 tron Exp $");
+__RCSID("$NetBSD: isakmp_agg.c,v 1.2.2.2 2006/01/19 21:38:27 tron Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -342,7 +342,11 @@
}
/* payload existency check */
- /* XXX to be checked each authentication method. */
+ if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
+ "few isakmp message received.\n");
+ goto end;
+ }
/* verify identifier */
if (ipsecdoi_checkid1(iph1) != 0) {
@@ -674,7 +678,11 @@
}
/* payload existency check */
- /* XXX to be checked each authentication method. */
+ if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
+ "few isakmp message received.\n");
+ goto end;
+ }
/* verify identifier */
if (ipsecdoi_checkid1(iph1) != 0) {
Home |
Main Index |
Thread Index |
Old Index