From: Rainer W. <rwe...@mo...> - 2013-04-10 17:54:33
According to section 3.4 of the most recent (1999) expired MODE_CFG draft RFC, Zero length attribute values are usually sent in a Request and MUST NOT be sent in a Response.

http://tools.ietf.org/id/draft-ietf-ipsec-isakmp-mode-cfg-05.txt

When a 'UNITY' variable-length attribute is requested and no corresponding value is configured, racoon will include a zero-length attribute of the requested type in the reply. Some clients, in particular an Android implementation from Mocana I had to support, choke on this. Below is a patch which prevents that by modifying the isakmp_cfg_varlen routine to return NULL when the len argument passed to it has a value of zero.

--- ipsec-tools-0.8.0/src/racoon/isakmp_cfg.c 2010-09-21 14:14:17.000000000 +0100 +++ patched//src/racoon/isakmp_cfg.c 2013-04-10 18:43:46.745865812 +0100 @@ -1000,6 +1000,8 @@ struct isakmp_data *new; char *data; + if (!len) return NULL; + if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) { plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n"); return NULL;
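
Review bot: the added `if (!len) return NULL;` at the top of isakmp_cfg_varlen returns the same NULL as the vmalloc failure branch directly below it, so a caller cannot tell "no value configured" from "out of memory", and only the allocation failure is logged via plog. Please confirm that every caller of isakmp_cfg_varlen treats NULL as "leave this attribute out of the reply" rather than failing the whole exchange, and add a short comment above the check citing section 3.4 of the MODE_CFG draft so the reason for the early return stays with the code.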
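
A conformance check for the rule quoted above, as an added example that is not part of the original message or of ipsec-tools: it walks the attribute list of a MODE_CFG reply, using the ISAKMP data-attribute encoding from RFC 2408 section 3.3, and counts zero-length variable-length attributes. The function name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ISAKMP data attribute: 16-bit type whose top bit (AF) selects the
 * encoding, then a 16-bit field holding the length (AF=0) or value (AF=1). */
#define ATTR_AF_TV 0x8000u

/* Hypothetical helper (not a racoon function): count variable-length
 * attributes with length zero in the attribute list of a reply.
 * Returns the count, or -1 if the list is truncated or malformed. */
int count_zero_len_attrs(const uint8_t *buf, size_t buflen)
{
    size_t off = 0;
    int zero = 0;

    while (off < buflen) {
        if (buflen - off < 4)
            return -1;                  /* truncated attribute header */
        uint16_t type = (uint16_t)(buf[off] << 8 | buf[off + 1]);
        uint16_t lorv = (uint16_t)(buf[off + 2] << 8 | buf[off + 3]);
        off += 4;
        if (type & ATTR_AF_TV)
            continue;                   /* TV form: lorv is the value itself */
        if (lorv > buflen - off)
            return -1;                  /* length runs past the buffer */
        if (lorv == 0)
            zero++;                     /* must not appear in a Response */
        off += lorv;
    }
    return zero;
}

/* Constructed sample: one 4-byte attribute followed by one zero-length
 * attribute in the private-use type range (type values are illustrative). */
static const uint8_t sample_reply[] = {
    0x00, 0x01, 0x00, 0x04, 10, 0, 0, 5,   /* type 1, length 4, value */
    0x70, 0x02, 0x00, 0x00                 /* type 0x7002, length 0 */
};

int main(void)
{
    int n = count_zero_len_attrs(sample_reply, sizeof sample_reply);
    printf("zero-length attributes in reply: %d\n", n);
    return n == 0 ? 0 : 1;
}
```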