Permalink
Browse files

reject the packet if the length is too big.

  • Loading branch information...
1 parent ff4e6b3 commit 647c846309ecdff203d59ada987a99b828c07abd sakane committed Mar 31, 2004
Showing with 13 additions and 1 deletion.
  1. +13 −1 kame/kame/racoon/isakmp.c
View
@@ -1,4 +1,4 @@
-/* $KAME: isakmp.c,v 1.180 2004/03/03 05:39:58 sakane Exp $ */
+/* $KAME: isakmp.c,v 1.181 2004/03/31 03:14:39 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -189,6 +189,18 @@ isakmp_handler(so_isakmp)
goto end;
}
+ /* reject it if the size is tooooo big. */
+ if (ntohl(isakmp.len) > 0xffff) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "the length of the isakmp header is too big.\n");
+ if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
+ 0, (struct sockaddr *)&remote, &remote_len)) < 0) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "failed to receive isakmp packet\n");
+ }
+ goto end;
+ }
+
/* read real message */
if ((buf = vmalloc(ntohl(isakmp.len))) == NULL) {
plog(LLV_ERROR, LOCATION, NULL,

0 comments on commit 647c846

Please sign in to comment.