#include <stdint.h>
#endif
#include <ctype.h>
-#include <resolv.h>
#include "var.h"
#include "misc.h"
return;
}
- plog(ASL_LEVEL_DEBUG, "MODE_CFG packet\n");
+ plog(ASL_LEVEL_NOTICE, "MODE_CFG packet\n");
/* Now work with the decrypted packet */
packet = (struct isakmp *)dmsg->v;
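Review bot: Raising the per-packet `MODE_CFG packet` message from ASL_LEVEL_DEBUG to ASL_LEVEL_NOTICE means one line is emitted for every MODE_CFG packet a peer sends, and the same promotion is applied further down to the exchange-type, `Sending MODE_CFG REPLY`/`ACK`/`REQUEST`, `sendto mode config` and port/pool messages. If NOTICE is persisted by default on the target configuration (not visible here), log volume becomes something the remote side influences, and a bounded log can lose more useful entries. The commit message should say why NOTICE is needed, or the per-packet lines could stay at DEBUG with only state changes such as `Using port %d` and `Released port %d` promoted. The enclosing function starts and ends outside this hunk.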
{
int type = attrpl->type;
- plog(ASL_LEVEL_DEBUG,
+ plog(ASL_LEVEL_NOTICE,
"Configuration exchange type %s\n", s_isakmp_cfg_ptype(type));
switch (type) {
case ISAKMP_CFG_ACK:
tlen -= sizeof(*attrpl);
while (tlen > 0) {
+ if (tlen < sizeof(struct isakmp_data)) {
+ plog(ASL_LEVEL_ERR,
+ "isakmp_cfg_reply invalid length of isakmp data, expected %zu actual %d\n",
+ sizeof(struct isakmp_data), tlen);
+ return -1;
+ }
type = ntohs(attr->type);
/* Handle short attributes */
alen = ntohs(attr->lorv);
/* Check that the attribute fit in the packet */
- if (tlen < alen) {
- plog(ASL_LEVEL_ERR,
- "Short attribute %s\n",
- s_isakmp_cfg_type(type));
+ if (tlen < (alen + sizeof(struct isakmp_data))) {
+ plog(ASL_LEVEL_ERR,
+ "Short attribute %s len %zu\n",
+ s_isakmp_cfg_type(type), alen);
return -1;
}
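Review bot: The new guards `tlen < sizeof(struct isakmp_data)` and `tlen < (alen + sizeof(struct isakmp_data))` compare a value that is logged with `%d` (so presumably a signed int) against a size_t, which converts tlen to unsigned; the result is correct only because the enclosing `while (tlen > 0)` has already excluded zero and negative values. That dependency deserves a comment above the first check, e.g. `/* tlen > 0 is guaranteed by the loop condition, so the size_t comparisons below cannot wrap */`, or an explicit `(size_t)tlen` cast so a sign-compare warning build stays quiet. The same pattern recurs in the isakmp_cfg_request and isakmp_cfg_set checks later in this commit, where the second bound is spelled three ways (`alen + sizeof(struct isakmp_data)`, `sizeof(struct isakmp_data) + alen`, `sizeof(*attr) + alen`); one spelling would make it easier to see that all three loops enforce the same rule. The declarations of tlen and alen are outside the hunk, so the `%zu` used for alen should be checked against its declared type.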
memset(payload->v, 0, sizeof(*reply));
while (tlen > 0) {
+ if (tlen < sizeof(struct isakmp_data)) {
+ plog(ASL_LEVEL_ERR,
+ "isakmp_cfg_request invalid length of isakmp data, expected %zu actual %d\n",
+ sizeof(struct isakmp_data), tlen);
+ goto end;
+ }
reply_attr = NULL;
type = ntohs(attr->type);
alen = ntohs(attr->lorv);
/* Check that the attribute fit in the packet */
- if (tlen < alen) {
- plog(ASL_LEVEL_ERR,
- "Short attribute %s\n",
- s_isakmp_cfg_type(type));
+ if (tlen < (sizeof(struct isakmp_data) + alen)) {
+ plog(ASL_LEVEL_ERR,
+ "Short attribute %s len %zu\n",
+ s_isakmp_cfg_type(type), alen);
goto end;
}
reply->type = ISAKMP_CFG_REPLY;
reply->id = attrpl->id;
- plog(ASL_LEVEL_DEBUG,
+ plog(ASL_LEVEL_NOTICE,
"Sending MODE_CFG REPLY\n");
error = isakmp_cfg_send(iph1, payload,
* We should send ack for the attributes we accepted
*/
while (tlen > 0) {
+ if (tlen < sizeof(struct isakmp_data)) {
+ plog(ASL_LEVEL_ERR,
+ "isakmp_cfg_set invalid length of isakmp data, expected %zu actual %d\n",
+ sizeof(struct isakmp_data), tlen);
+ vfree(payload);
+ return error;
+ }
reply_attr = NULL;
type = ntohs(attr->type);
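Review bot: The new early exit in isakmp_cfg_set returns `error` after `vfree(payload)`, and the second check added a few lines further down (the `packet too short for type %d` branch) does the same, while the equivalent checks in isakmp_cfg_reply return a literal -1. Whether `error` still holds a failure value at this point depends on its initialisation, which is outside the hunk; if it has been set to 0 by then, a truncated attribute would be reported to the caller as success. Returning `-1` explicitly, or jumping to a single cleanup label that frees payload in the way isakmp_cfg_request uses `goto end`, would make the failure path independent of that state and remove the duplicated `vfree(payload)`.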
attr++;
} else {
alen = ntohs(attr->lorv);
+ if (tlen < (sizeof(*attr) + alen)) {
+ plog(ASL_LEVEL_ERR,
+ "isakmp_cfg_set packet too short for type %d, expected %zu actual %zu\n",
+ type, alen, tlen - sizeof(*attr));
+ vfree(payload);
+ return error;
+ }
tlen -= (sizeof(*attr) + alen);
npp = (char *)attr;
attr = (struct isakmp_data *)
reply->type = ISAKMP_CFG_ACK;
reply->id = attrpl->id;
- plog(ASL_LEVEL_DEBUG,
+ plog(ASL_LEVEL_NOTICE,
"Sending MODE_CFG ACK\n");
error = isakmp_cfg_send(iph1, payload,
isakmp_printpacket(iph2->sendbuf, iph1->local, iph1->remote, 1);
#endif
- plog(ASL_LEVEL_DEBUG, "MODE_CFG packet to send\n");
+ plog(ASL_LEVEL_NOTICE, "MODE_CFG packet to send\n");
/* encoding */
if (ISSET(isakmp->flags, ISAKMP_FLAG_E)) {
}
}
- plog(ASL_LEVEL_DEBUG,
+ plog(ASL_LEVEL_NOTICE,
"sendto mode config %s.\n", s_isakmp_nptype(np));
/*
isakmp_cfg_config.port_pool[i].used = 1;
- plog(ASL_LEVEL_INFO, "Using port %d\n", i);
+ plog(ASL_LEVEL_NOTICE, "Using port %d\n", i);
iph1->mode_cfg->flags |= ISAKMP_CFG_PORT_ALLOCATED;
iph1->mode_cfg->port = i;
isakmp_cfg_config.port_pool[index].used = 0;
iph1->mode_cfg->flags &= ISAKMP_CFG_PORT_ALLOCATED;
- plog(ASL_LEVEL_INFO, "Released port %d\n", index);
+ plog(ASL_LEVEL_NOTICE, "Released port %d\n", index);
return 0;
}
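Review bot: The unchanged context line `iph1->mode_cfg->flags &= ISAKMP_CFG_PORT_ALLOCATED;` just above the changed plog does not clear the allocation flag: AND-ing with the flag itself keeps ISAKMP_CFG_PORT_ALLOCATED if it was set and clears every other bit in flags. Since it sits right after `port_pool[index].used = 0` and before the `Released port` message, the intent looks like `iph1->mode_cfg->flags &= ~ISAKMP_CFG_PORT_ALLOCATED;`. As written the handle would still appear to own a port that has been returned to the pool, and unrelated mode_cfg flags are lost; this commit touches the neighbouring line, so it is a good place to fix it. The function body starts outside the hunk.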
}
}
- plog(ASL_LEVEL_DEBUG,
+ plog(ASL_LEVEL_NOTICE,
"Sending MODE_CFG REQUEST\n");
error = isakmp_cfg_send(iph1, buffer,
if (size == isakmp_cfg_config.pool_size)
return 0;
- plog(ASL_LEVEL_INFO,
+ plog(ASL_LEVEL_NOTICE,
"Resize address pool from %zu to %d\n",
isakmp_cfg_config.pool_size, size);