From: Ganesan R. <rga...@us...> - 2005-04-19 11:06:14
|
>>>>> "Bill" == Bill Nottingham <no...@re...> writes: > Basically, we only ever add 4 bytes to the packet, so incrementing > the size by sizeof(time_t) is wrong on 64-bit platforms. > Spotted by Al Viro. > Bill > --- ipsec-tools-0.5/src/racoon/ipsec_doi.c.foo 2005-03-28 14:05:24.000000000 -0500 > +++ ipsec-tools-0.5/src/racoon/ipsec_doi.c 2005-03-28 14:08:00.000000000 -0500 > @@ -2550,7 +2550,7 @@ > attrlen += sizeof(struct isakmp_data) > + sizeof(struct isakmp_data); > if (sa->lifetime > 0xffff) > - attrlen += sizeof(sa->lifetime); > + attrlen += sizeof(u_int32_t); > if (buf) { > p = isakmp_set_attr_l(p, OAKLEY_ATTR_SA_LD_TYPE, > OAKLEY_ATTR_SA_LD_TYPE_SEC); This patch doesn't appear to be in CVS. A similar fix is needed for sa->lifebyte. I wonder if a better fix is to simply redefine these lifetime and lifebyte as unsigned ints in struct isakmpsa. Ganesan -- Ganesan Rajagopal (rganesan at debian.org) | GPG Key: 1024D/5D8C12EA Web: http://employees.org/~rganesan | http://rganesan.blogspot.com |