From: Apple <opensource@apple.com>
Date: Thu, 6 Dec 2018 05:18:09 +0000 (+0000)
Subject: ipsec-317.220.1.tar.gz
X-Git-Tag: macos-10141^0
X-Git-Url: https://git.saurik.com/apple/ipsec.git/commitdiff_plain/e627a751fc4d26304657fc20440abb72632b1e6e

ipsec-317.220.1.tar.gz
---

diff --git a/ipsec-tools/racoon/ipsec_doi.c b/ipsec-tools/racoon/ipsec_doi.c
index 5a30862..1b55657 100644
--- a/ipsec-tools/racoon/ipsec_doi.c
+++ b/ipsec-tools/racoon/ipsec_doi.c
@@ -4082,9 +4082,13 @@ ipsecdoi_sockaddr2id(saddr, prefixlen, ul_proto)
 		if (prefixlen == (sizeof(struct in_addr) << 3)) {
 			type = IPSECDOI_ID_IPV4_ADDR;
 			len2 = 0;
-		} else {
+		} else if (prefixlen < (sizeof(struct in_addr) << 3)) {
 			type = IPSECDOI_ID_IPV4_ADDR_SUBNET;
 			len2 = sizeof(struct in_addr);
+		} else {
+			plog(ASL_LEVEL_ERR,
+				"invalid prefix length: %d.\n", prefixlen);
+			return NULL;
 		}
 		sa = (caddr_t)&((struct sockaddr_in *)(saddr))->sin_addr;
 		port = ((struct sockaddr_in *)(saddr))->sin_port;
@@ -4095,9 +4099,13 @@ ipsecdoi_sockaddr2id(saddr, prefixlen, ul_proto)
 		if (prefixlen == (sizeof(struct in6_addr) << 3)) {
 			type = IPSECDOI_ID_IPV6_ADDR;
 			len2 = 0;
-		} else {
+		} else if (prefixlen < (sizeof(struct in6_addr) << 3)) {
 			type = IPSECDOI_ID_IPV6_ADDR_SUBNET;
 			len2 = sizeof(struct in6_addr);
+		} else {
+			plog(ASL_LEVEL_ERR,
+				"invalid prefix length: %d.\n", prefixlen);
+			return NULL;
 		}
 		sa = (caddr_t)&((struct sockaddr_in6 *)(saddr))->sin6_addr;
 		port = ((struct sockaddr_in6 *)(saddr))->sin6_port;
diff --git a/ipsec-tools/racoon/sainfo.c b/ipsec-tools/racoon/sainfo.c
index 2aa57b7..e2170bc 100644
--- a/ipsec-tools/racoon/sainfo.c
+++ b/ipsec-tools/racoon/sainfo.c
@@ -334,35 +334,39 @@ inssainfoalg(struct sainfoalg **head, struct sainfoalg *new)
 const char *
 sainfo2str(const struct sainfo *si)
 {
-    char *idsrc_str;
-    char *iddst_str;
-    char *idi_str;
+	char *idsrc_str;
+	char *iddst_str;
+	char *idi_str;
 	static char buf[256];
 
 	if (si->idsrc == NULL)
 		snprintf(buf, sizeof(buf), "anonymous");
 	else {
-        idsrc_str = ipsecdoi_id2str(si->idsrc);
-        if (idsrc_str) {
-            snprintf(buf, sizeof(buf), "%s", idsrc_str);
-            racoon_free(idsrc_str);
-        }
-        iddst_str = ipsecdoi_id2str(si->iddst);
-        if (iddst_str) {
-            snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
-                     " %s", iddst_str);
-            racoon_free(iddst_str);
-        }
+		idsrc_str = ipsecdoi_id2str(si->idsrc);
+		if (idsrc_str) {
+			snprintf(buf, sizeof(buf), "%s", idsrc_str);
+			racoon_free(idsrc_str);
+		}
+		if (si->iddst == NULL) {
+			snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), " anonymous");
+		} else {
+			iddst_str = ipsecdoi_id2str(si->iddst);
+			if (iddst_str) {
+				snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+					" %s", iddst_str);
+				racoon_free(iddst_str);
+			}
+		}
 	}
 
 	if (si->id_i != NULL) {
-        idi_str = ipsecdoi_id2str(si->id_i);
-        if (idi_str) {
-            snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
-                     " from %s", idi_str);
-            racoon_free(idi_str);
-        }
-    }
+		idi_str = ipsecdoi_id2str(si->id_i);
+		if (idi_str) {
+			snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+				" from %s", idi_str);
+			racoon_free(idi_str);
+		}
+	}
 
 	return buf;
 }