
fixed responder's spi. responder didn't update his spi in payload to …

…be replied.
commit 0bebd6b634aca6bd7c799ada5bbbc07c34ae715b 1 parent 6e7ba03
sakane authored
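--- a/kame/kame/racoon/ipsec_doi.c
+++ b/kame/kame/racoon/ipsec_doi.c
@@ -26,7 +26,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
-/* YIPS @(#)$Id: ipsec_doi.c,v 1.80 2000/06/08 16:02:13 sakane Exp $ */
+/* YIPS @(#)$Id: ipsec_doi.c,v 1.81 2000/06/12 09:35:06 sakane Exp $ */
 #include <sys/types.h>
 #include <sys/param.h>
@@ -611,6 +611,7 @@ ipsecdoi_selectph2proposal(iph2)
 return -1;
 /* make a SA to be replayed. */
+ /* SPI must be updated later. */
 iph2->sa_ret = get_sabyproppair(ret, iph2->ph1);
 free_proppair0(ret);
 if (iph2->sa_ret == NULL)
@@ -1224,6 +1225,7 @@ get_transform(prop, pair, num_p)
 /*
 * make a new SA payload from prop_pair.
+ * NOTE: this function make spi value clear.
 */
 static vchar_t *
 get_sabyproppair(pair, iph1)
@@ -1275,6 +1277,7 @@ get_sabyproppair(pair, iph1)
 ((struct isakmp_pl_p *)bp)->h.len = htons(prophlen + trnslen);
 ((struct isakmp_pl_p *)bp)->num_t = 1;
 np_p = &((struct isakmp_pl_p *)bp)->h.np;
+ memset(bp + sizeof(struct isakmp_pl_p), 0, p->prop->spi_size);
 bp += prophlen;
 /* create transform */
@@ -1288,6 +1291,53 @@ get_sabyproppair(pair, iph1)
 }
 /*
+ * update responder's spi
+ */
+int
+ipsecdoi_updatespi(iph2)
+ struct ph2handle *iph2;
+{
+ struct prop_pair **pair, *p;
+ struct saprop *pp;
+ struct saproto *pr;
+ int i;
+ int error = -1;
+
+ pair = get_proppair(iph2->sa_ret, IPSECDOI_TYPE_PH2);
+ if (pair == NULL)
+ return -1;
+ for (i = 0; i < MAXPROPPAIRLEN; i++) {
+ if (pair[i])
+ break;
+ }
+ if (i == MAXPROPPAIRLEN || pair[i]->tnext) {
+ /* multiple transform must be filtered by selectph2proposal.*/
+ goto end;
+ }
+
+ pp = iph2->approval;
+
+ /* create proposal payloads */
+ for (p = pair[i], pr = pp->head;
+ p && pr;
+ p = p->next, pr = pr->next) {
+
+ /* validity check */
+ if (p->prop->proto_id != pr->proto_id
+ || p->trns->t_id != pr->head->trns_id)
+ goto end;
+
+ memcpy((caddr_t)p->prop + sizeof(*p->prop), &pr->spi,
+ pr->spisize);
+ }
+
+ error = 0;
+end:
+ free_proppair(pair);
+ return error;
+}
+
+/*
 * make a new SA payload from prop_pair.
 */
 vchar_t *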
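Review bot: The `memcpy` in `ipsecdoi_updatespi` writes `pr->spisize` bytes into the SPI field of the proposal payload, but nothing in the hunk checks that this equals `p->prop->spi_size`, which is the length `get_sabyproppair` zeroes (and presumably reserves) for that field. If the two ever differ, the copy either runs past the SPI field into the transform payload that follows or leaves part of the SPI zero, so the validity check should also reject a mismatch, e.g. `|| p->prop->spi_size != pr->spisize`. The loop also stops silently when one of the two lists is shorter and the function still returns 0, leaving any remaining proposals with the cleared SPI; `if (p || pr) goto end;` before `error = 0;` would turn that into a failure. `iph2->approval` and `pr->head` are dereferenced without a NULL check, which is safe only if the callers guarantee both (not visible in this hunk).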
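--- a/kame/kame/racoon/ipsec_doi.h
+++ b/kame/kame/racoon/ipsec_doi.h
@@ -26,7 +26,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
-/* YIPS @(#)$Id: ipsec_doi.h,v 1.18 2000/06/08 06:43:51 sakane Exp $ */
+/* YIPS @(#)$Id: ipsec_doi.h,v 1.19 2000/06/12 09:35:06 sakane Exp $ */
 /* refered to RFC2407 */
@@ -160,6 +160,7 @@ extern int ipsecdoi_selectph2proposal __P((struct ph2handle *));
 extern int ipsecdoi_checkph2proposal __P((struct ph2handle *));
 extern struct prop_pair **get_proppair __P((vchar_t *, int));
+extern int ipsecdoi_updatespi __P((struct ph2handle *iph2));
 extern vchar_t *get_sabysaprop __P((struct saprop *, vchar_t *));
 extern int ipsecdoi_checkid1 __P((struct ph1handle *));
 extern int ipsecdoi_setid1 __P((struct ph1handle *));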
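--- a/kame/kame/racoon/isakmp_quick.c
+++ b/kame/kame/racoon/isakmp_quick.c
@@ -26,7 +26,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
-/* YIPS @(#)$Id: isakmp_quick.c,v 1.39 2000/06/08 16:02:13 sakane Exp $ */
+/* YIPS @(#)$Id: isakmp_quick.c,v 1.40 2000/06/12 09:35:06 sakane Exp $ */
 #include <sys/types.h>
 #include <sys/param.h>
@@ -1139,6 +1139,12 @@ quick_r2send(iph2, msg)
 goto end;
 }
+ /* update responders SPI */
+ if (ipsecdoi_updatespi(iph2) < 0) {
+ plog(logp, LOCATION, NULL, "failed to update spi.\n");
+ goto end;
+ }
+
 /* generate NONCE value */
 iph2->nonce = eay_set_random(iph2->ph1->rmconf->nonce_size);
 if (iph2->nonce == NULL)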