[src/trunk]: src/crypto/dist/kame/racoon reject packet with too big isakmp me...

[itojun <itojun%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/06055aaf65c6
branches:  trunk
changeset: 565160:06055aaf65c6
user:      itojun <itojun%NetBSD.org@localhost>
date:      Wed Mar 31 07:19:27 2004 +0000

description:
reject packet with too big isakmp message length field.

diffstat:

 crypto/dist/kame/racoon/isakmp.c |  16 ++++++++++++++--
 1 files changed, 14 insertions(+), 2 deletions(-)

diffs (37 lines):

diff -r 8179fea3a714 -r 06055aaf65c6 crypto/dist/kame/racoon/isakmp.c
--- a/crypto/dist/kame/racoon/isakmp.c  Wed Mar 31 06:09:06 2004 +0000
+++ b/crypto/dist/kame/racoon/isakmp.c  Wed Mar 31 07:19:27 2004 +0000
@@ -1,4 +1,4 @@
-/*     $KAME: isakmp.c,v 1.177 2003/05/29 08:59:51 sakane Exp $        */
+/*     $KAME: isakmp.c,v 1.181 2004/03/31 03:14:39 sakane Exp $        */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: isakmp.c,v 1.13 2003/07/12 09:37:10 itojun Exp $");
+__RCSID("$NetBSD: isakmp.c,v 1.14 2004/03/31 07:19:27 itojun Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -192,6 +192,18 @@
                goto end;
        }
 
+       /* reject it if the size is tooooo big. */
+       if (ntohl(isakmp.len) > 0xffff) {
+               plog(LLV_ERROR, LOCATION, NULL,
+                       "the length of the isakmp header is too big.\n");
+               if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
+                           0, (struct sockaddr *)&remote, &remote_len)) < 0) {
+                       plog(LLV_ERROR, LOCATION, NULL,
+                               "failed to receive isakmp packet\n");
+               }
+               goto end;
+       }
+
        /* read real message */
        if ((buf = vmalloc(ntohl(isakmp.len))) == NULL) {
                plog(LLV_ERROR, LOCATION, NULL,