[Ipsec-tools-devel] racoon sends 'illegal' MODE_CFG replies

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

According to section 3.4 of the most recent (1999) expired MODE_CFG
draft RFC,

	Zero length attribute values are usually sent in a Request and
	MUST NOT be sent in a Response.
        
	http://tools.ietf.org/id/draft-ietf-ipsec-isakmp-mode-cfg-05.txt

When a 'UNITY' variable-length attribute is requested and no
corresponding value is configured, racoon will include a
zero-length attribute of the requested type in the reply. Some
clients, in particular, an Android implementation from Mocana I had to
support, choke on this. Below is a patch which presents that by
modifying the isakmp_cfg_varlen routine to return NULL when the len
argument passed to it has a value of zero.

--- ipsec-tools-0.8.0/src/racoon/isakmp_cfg.c   2010-09-21 14:14:17.000000000 +0100
+++ patched//src/racoon/isakmp_cfg.c    2013-04-10 18:43:46.745865812 +0100
@@ -1000,6 +1000,8 @@
        struct isakmp_data *new;
        char *data;
 
+       if (!len) return NULL;
+
        if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) {
                plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
                return NULL;


