Re: [Ipsec-tools-devel] [PATCH] 64-bit issue in ipsec_doi.c

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

>>>>> "Bill" == Bill Nottingham <no...@re...> writes:

> Basically, we only ever add 4 bytes to the packet, so incrementing
> the size by sizeof(time_t) is wrong on 64-bit platforms.

> Spotted by Al Viro.

> Bill

> --- ipsec-tools-0.5/src/racoon/ipsec_doi.c.foo	2005-03-28 14:05:24.000000000 -0500
> +++ ipsec-tools-0.5/src/racoon/ipsec_doi.c	2005-03-28 14:08:00.000000000 -0500
> @@ -2550,7 +2550,7 @@
>  		attrlen += sizeof(struct isakmp_data)
>  			+ sizeof(struct isakmp_data);
>  		if (sa->lifetime > 0xffff)
> -			attrlen += sizeof(sa->lifetime);
> +			attrlen += sizeof(u_int32_t);
>  		if (buf) {
>  			p = isakmp_set_attr_l(p, OAKLEY_ATTR_SA_LD_TYPE,
>  						OAKLEY_ATTR_SA_LD_TYPE_SEC);

This patch doesn't appear to be in CVS. A similar fix is needed for
sa->lifebyte. I wonder if a better fix is to simply redefine these lifetime
and lifebyte as unsigned ints in struct isakmpsa.

Ganesan

-- 
Ganesan Rajagopal (rganesan at debian.org) | GPG Key: 1024D/5D8C12EA
Web: http://employees.org/~rganesan        | http://rganesan.blogspot.com