From 3daef399aa12707bd9256a87337e559c62bd9759 Mon Sep 17 00:00:00 2001 From: Apple Date: Mon, 20 Feb 2006 21:40:23 +0000 Subject: [PATCH] network_cmds-245.8.tar.gz --- alias/alias.c | 4 +++- racoon.tproj/isakmp.c | 2 +- racoon.tproj/isakmp_agg.c | 45 ++++++++++--------------------------- racoon.tproj/isakmp_ident.c | 15 ++++--------- racoon.tproj/main.c | 2 +- racoon.tproj/oakley.c | 44 ++++++++++++++++++++++-------------- 6 files changed, 48 insertions(+), 64 deletions(-) diff --git a/alias/alias.c b/alias/alias.c index 561245a..53273ab 100644 --- a/alias/alias.c +++ b/alias/alias.c @@ -212,9 +212,11 @@ static void DoMSSClamp(struct tcphdr *tc) if (packetAliasMSS < mssVal) { int accumulate = mssVal; + int accnetorder = 0 ; accumulate -= packetAliasMSS; *mssPtr = htons(packetAliasMSS); - ADJUST_CHECKSUM(accumulate, tc->th_sum); + accnetorder = htons(accumulate); + ADJUST_CHECKSUM(accnetorder, tc->th_sum); } option = optionEnd; diff --git a/racoon.tproj/isakmp.c b/racoon.tproj/isakmp.c index e188b3d..48c2967 100644 --- a/racoon.tproj/isakmp.c +++ b/racoon.tproj/isakmp.c @@ -1357,7 +1357,7 @@ isakmp_parsewoh(np0, gen, len) p->type = np; p->len = ntohs(gen->len); - if (p->len == 0 || p->len > tlen) { + if (p->len < sizeof(struct isakmp_gen) || p->len > tlen) { plog(LLV_DEBUG, LOCATION, NULL, "invalid length of payload\n"); vfree(result); diff --git a/racoon.tproj/isakmp_agg.c b/racoon.tproj/isakmp_agg.c index 7094101..7d31b9f 100644 --- a/racoon.tproj/isakmp_agg.c +++ b/racoon.tproj/isakmp_agg.c @@ -705,17 +705,10 @@ agg_i2send(iph1, msg) #ifdef IKE_NAT_T if (natd_type) { - if ((iph1->natt_flags & NATT_TYPE_MASK) == natt_type_apple) { - if (iph1->local_natd) - p = set_isakmp_payload(p, iph1->local_natd, natd_type); - if (iph1->remote_natd) - p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE); - } else { - if (iph1->remote_natd) - p = set_isakmp_payload(p, iph1->remote_natd, natd_type); - if (iph1->local_natd) - p = set_isakmp_payload(p, iph1->local_natd, ISAKMP_NPTYPE_NONE); - } + if (iph1->local_natd) + p = set_isakmp_payload(p, iph1->local_natd, natd_type); + if (iph1->remote_natd) + p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE); } #endif @@ -1162,17 +1155,10 @@ agg_r1send(iph1, msg) #ifdef IKE_NAT_T if (nattvid) { p = set_isakmp_payload(p, nattvid, iph1->natd_payload_type); - if ((iph1->natt_flags & NATT_TYPE_MASK) == natt_type_apple) { - if (iph1->local_natd) - p = set_isakmp_payload(p, iph1->local_natd, iph1->natd_payload_type); - if (iph1->remote_natd) - p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE); - } else { - if (iph1->remote_natd) - p = set_isakmp_payload(p, iph1->remote_natd, iph1->natd_payload_type); - if (iph1->local_natd) - p = set_isakmp_payload(p, iph1->local_natd, ISAKMP_NPTYPE_NONE); - } + if (iph1->local_natd) + p = set_isakmp_payload(p, iph1->local_natd, iph1->natd_payload_type); + if (iph1->remote_natd) + p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE); } #endif break; @@ -1256,17 +1242,10 @@ agg_r1send(iph1, msg) #ifdef IKE_NAT_T if (nattvid) { p = set_isakmp_payload(p, nattvid, iph1->natd_payload_type); - if ((iph1->natt_flags & NATT_TYPE_MASK) == natt_type_apple) { - if (iph1->local_natd) - p = set_isakmp_payload(p, iph1->local_natd, iph1->natd_payload_type); - if (iph1->remote_natd) - p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE); - } else { - if (iph1->remote_natd) - p = set_isakmp_payload(p, iph1->remote_natd, iph1->natd_payload_type); - if (iph1->local_natd) - p = set_isakmp_payload(p, iph1->local_natd, ISAKMP_NPTYPE_NONE); - } + if (iph1->local_natd) + p = set_isakmp_payload(p, iph1->local_natd, iph1->natd_payload_type); + if (iph1->remote_natd) + p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE); } #endif diff --git a/racoon.tproj/isakmp_ident.c b/racoon.tproj/isakmp_ident.c index 6ed424f..ca55619 100644 --- a/racoon.tproj/isakmp_ident.c +++ b/racoon.tproj/isakmp_ident.c @@ -1649,17 +1649,10 @@ ident_ir2mx(iph1) #ifdef IKE_NAT_T if (natd_type) { - if ((iph1->natt_flags & NATT_TYPE_MASK) == natt_type_apple) { - if (iph1->local_natd) - p = set_isakmp_payload(p, iph1->local_natd, natd_type); - if (iph1->remote_natd) - p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE); - } else { - if (iph1->remote_natd) - p = set_isakmp_payload(p, iph1->remote_natd, natd_type); - if (iph1->local_natd) - p = set_isakmp_payload(p, iph1->local_natd, ISAKMP_NPTYPE_NONE); - } + if (iph1->local_natd) + p = set_isakmp_payload(p, iph1->local_natd, natd_type); + if (iph1->remote_natd) + p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE); } #endif error = 0; diff --git a/racoon.tproj/main.c b/racoon.tproj/main.c index 99b60f2..d48dc81 100644 --- a/racoon.tproj/main.c +++ b/racoon.tproj/main.c @@ -138,7 +138,7 @@ main(ac, av) char **av; { int error; - + if (geteuid() != 0) { errx(1, "must be root to invoke this program."); /* NOTREACHED*/ diff --git a/racoon.tproj/oakley.c b/racoon.tproj/oakley.c index 5017f66..8d1a475 100644 --- a/racoon.tproj/oakley.c +++ b/racoon.tproj/oakley.c @@ -2099,23 +2099,28 @@ oakley_skeyid(iph1) /* SKEYID */ switch(iph1->approval->authmethod) { - case OAKLEY_ATTR_AUTH_METHOD_PSKEY: - /* if we have a preshared key defined, just use it */ - if (iph1->rmconf->shared_secret) { - - switch (iph1->rmconf->secrettype) { - case SECRETTYPE_KEY: - iph1->authstr = getpsk(iph1->rmconf->shared_secret->v, iph1->rmconf->shared_secret->l-1); - break; - case SECRETTYPE_KEYCHAIN: - iph1->authstr = getpskfromkeychain(iph1->rmconf->shared_secret->v); - break; - case SECRETTYPE_USE: - default: - iph1->authstr = vdup(iph1->rmconf->shared_secret); - } - - } + case OAKLEY_ATTR_AUTH_METHOD_PSKEY: + if (iph1->nonce_p == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "no nonce payload received from peer.\n"); + goto end; + } + /* if we have a preshared key defined, just use it */ + if (iph1->rmconf->shared_secret) { + + switch (iph1->rmconf->secrettype) { + case SECRETTYPE_KEY: + iph1->authstr = getpsk(iph1->rmconf->shared_secret->v, iph1->rmconf->shared_secret->l-1); + break; + case SECRETTYPE_KEYCHAIN: + iph1->authstr = getpskfromkeychain(iph1->rmconf->shared_secret->v); + break; + case SECRETTYPE_USE: + default: + iph1->authstr = vdup(iph1->rmconf->shared_secret); + } + + } else if (iph1->etype != ISAKMP_ETYPE_IDENT) { iph1->authstr = getpskbyname(iph1->id_p); if (iph1->authstr == NULL) { @@ -2180,6 +2185,11 @@ oakley_skeyid(iph1) #ifdef HAVE_GSSAPI case OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB: #endif + if (iph1->nonce_p == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "no nonce payload received from peer.\n"); + goto end; + } len = iph1->nonce->l + iph1->nonce_p->l; buf = vmalloc(len); if (buf == NULL) { -- 2.47.2