From: Michal L. <lu...@us...> - 2004-04-19 06:22:32
|
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30922/src/racoon Modified Files: isakmp.c Log Message: 2004-04-19 Michal Ludvig <ml...@su...> * src/racoon/isakmp.c (isakmp_handler): Reject too big packets (CAN-2004-0403). Index: isakmp.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- isakmp.c 9 Mar 2004 15:50:23 -0000 1.10 +++ isakmp.c 19 Apr 2004 06:22:24 -0000 1.11 @@ -214,6 +214,18 @@ if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp), 0, (struct sockaddr *)&remote, &remote_len)) < 0) { plog(LLV_ERROR, LOCATION, NULL, + "failed to receive isakmp packet\n"); + } + goto end; + } + + /* reject it if the size is tooooo big. */ + if (ntohl(isakmp.len) > 0xffff) { + plog(LLV_ERROR, LOCATION, NULL, + "the length of the isakmp header is too big.\n"); + if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp), + 0, (struct sockaddr *)&remote, &remote_len)) < 0) { + plog(LLV_ERROR, LOCATION, NULL, "failed to receive isakmp packet: %s\n", strerror (errno)); } |