meta-openembedded/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch - openbmc/openbmc - Gitiles

 Subject: [PATCH] ipsec-tools: racoon: check several invalid ivm

 Upstream-Status: Pending

 Add checking for invalid ivm, or it will crash racoon.

 Signed-off-by: Ming Liu <ming.liu@windriver.com>
 ---
  isakmp_cfg.c |    5 +++++
  1 file changed, 5 insertions(+)

 diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
 --- a/src/racoon/isakmp_cfg.c
 +++ b/src/racoon/isakmp_cfg.c
 @@ -171,6 +171,11 @@ isakmp_cfg_r(iph1, msg)
  	    iph1->mode_cfg->last_msgid != packet->msgid )
  		iph1->mode_cfg->ivm =
  		    isakmp_cfg_newiv(iph1, packet->msgid);
 +	if(iph1->mode_cfg->ivm == NULL) {
 +		plog(LLV_ERROR, LOCATION, NULL,
 +		    "failed to create new IV\n");
 +		return;
 +	}
  	ivm = iph1->mode_cfg->ivm;

  	dmsg = oakley_do_decrypt(iph1, msg, ivm->iv, ivm->ive);
	Subject: [PATCH] ipsec-tools: racoon: check several invalid ivm

	Upstream-Status: Pending

	Add checking for invalid ivm, or it will crash racoon.

	Signed-off-by: Ming Liu <ming.liu@windriver.com>
	---
	isakmp_cfg.c \| 5 +++++
	1 file changed, 5 insertions(+)

	diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
	--- a/src/racoon/isakmp_cfg.c
	+++ b/src/racoon/isakmp_cfg.c
	@@ -171,6 +171,11 @@ isakmp_cfg_r(iph1, msg)
	iph1->mode_cfg->last_msgid != packet->msgid )
	iph1->mode_cfg->ivm =
	isakmp_cfg_newiv(iph1, packet->msgid);
	+ if(iph1->mode_cfg->ivm == NULL) {
	+ plog(LLV_ERROR, LOCATION, NULL,
	+ "failed to create new IV\n");
	+ return;
	+ }
	ivm = iph1->mode_cfg->ivm;

	dmsg = oakley_do_decrypt(iph1, msg, ivm->iv, ivm->ive);