ipsec-317.220.1.tar.gz

author Apple <opensource@apple.com>

Thu, 6 Dec 2018 05:18:09 +0000 (05:18 +0000)

committer Apple <opensource@apple.com>

Thu, 6 Dec 2018 05:18:09 +0000 (05:18 +0000)
author Apple <opensource@apple.com>
Thu, 6 Dec 2018 05:18:09 +0000 (05:18 +0000)
committer Apple <opensource@apple.com>
Thu, 6 Dec 2018 05:18:09 +0000 (05:18 +0000)
diff --git a/ipsec-tools/racoon/ipsec_doi.c b/ipsec-tools/racoon/ipsec_doi.c

index 5a3086240c1c3c6fdea15dfc2c30a551cc0cc7ef..1b556579d2a0576de770896921aa534803cfbb9f 100644 (file)
--- a/ipsec-tools/racoon/ipsec_doi.c
+++ b/ipsec-tools/racoon/ipsec_doi.c
@@ -4082,9 +4082,13 @@ ipsecdoi_sockaddr2id(saddr, prefixlen, ul_proto)
                 if (prefixlen == (sizeof(struct in_addr) << 3)) {
                         type = IPSECDOI_ID_IPV4_ADDR;
                         len2 = 0;
-               } else {
+               } else if (prefixlen < (sizeof(struct in_addr) << 3)) {
                         type = IPSECDOI_ID_IPV4_ADDR_SUBNET;
                         len2 = sizeof(struct in_addr);
+               } else {
+                       plog(ASL_LEVEL_ERR,
+                               "invalid prefix length: %d.\n", prefixlen);
+                       return NULL;
                 }
                 sa = (caddr_t)&((struct sockaddr_in *)(saddr))->sin_addr;
                 port = ((struct sockaddr_in *)(saddr))->sin_port;
@@ -4095,9 +4099,13 @@ ipsecdoi_sockaddr2id(saddr, prefixlen, ul_proto)
                 if (prefixlen == (sizeof(struct in6_addr) << 3)) {
                         type = IPSECDOI_ID_IPV6_ADDR;
                         len2 = 0;
-               } else {
+               } else if (prefixlen < (sizeof(struct in6_addr) << 3)) {
                         type = IPSECDOI_ID_IPV6_ADDR_SUBNET;
                         len2 = sizeof(struct in6_addr);
+               } else {
+                       plog(ASL_LEVEL_ERR,
+                               "invalid prefix length: %d.\n", prefixlen);
+                       return NULL;
                 }
                 sa = (caddr_t)&((struct sockaddr_in6 *)(saddr))->sin6_addr;
                 port = ((struct sockaddr_in6 *)(saddr))->sin6_port;
diff --git a/ipsec-tools/racoon/sainfo.c b/ipsec-tools/racoon/sainfo.c

index 2aa57b71c9ee436642816ad57a8acef6cd0002e3..e2170bcc3b4f67eaab8a6368578789521c6f9f17 100644 (file)
--- a/ipsec-tools/racoon/sainfo.c
+++ b/ipsec-tools/racoon/sainfo.c
@@ -334,35 +334,39 @@ inssainfoalg(struct sainfoalg **head, struct sainfoalg *new)
  const char *
  sainfo2str(const struct sainfo *si)
  {
-    char *idsrc_str;
-    char *iddst_str;
-    char *idi_str;
+       char *idsrc_str;
+       char *iddst_str;
+       char *idi_str;
         static char buf[256];
  
         if (si->idsrc == NULL)
                 snprintf(buf, sizeof(buf), "anonymous");
         else {
-        idsrc_str = ipsecdoi_id2str(si->idsrc);
-        if (idsrc_str) {
-            snprintf(buf, sizeof(buf), "%s", idsrc_str);
-            racoon_free(idsrc_str);
-        }
-        iddst_str = ipsecdoi_id2str(si->iddst);
-        if (iddst_str) {
-            snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
-                     " %s", iddst_str);
-            racoon_free(iddst_str);
-        }
+               idsrc_str = ipsecdoi_id2str(si->idsrc);
+               if (idsrc_str) {
+                       snprintf(buf, sizeof(buf), "%s", idsrc_str);
+                       racoon_free(idsrc_str);
+               }
+               if (si->iddst == NULL) {
+                       snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), " anonymous");
+               } else {
+                       iddst_str = ipsecdoi_id2str(si->iddst);
+                       if (iddst_str) {
+                               snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+                                       " %s", iddst_str);
+                               racoon_free(iddst_str);
+                       }
+               }
         }
  
         if (si->id_i != NULL) {
-        idi_str = ipsecdoi_id2str(si->id_i);
-        if (idi_str) {
-            snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
-                     " from %s", idi_str);
-            racoon_free(idi_str);
-        }
-    }
+               idi_str = ipsecdoi_id2str(si->id_i);
+               if (idi_str) {
+                       snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+                               " from %s", idi_str);
+                       racoon_free(idi_str);
+               }
+       }
  
         return buf;
  }
author	Apple <opensource@apple.com>
	Thu, 6 Dec 2018 05:18:09 +0000 (05:18 +0000)
committer	Apple <opensource@apple.com>
	Thu, 6 Dec 2018 05:18:09 +0000 (05:18 +0000)
ipsec-tools/racoon/ipsec_doi.c		patch \| blob \| blame \| history
ipsec-tools/racoon/sainfo.c		patch \| blob \| blame \| history