This is the second version of this patch. Apply by doing: cd /usr/src patch -p0 < 010_isakmpd.patch Then rebuild and install isakmpd: cd sbin/isakmpd make obj make cleandir make depend make make install
Index: sbin/isakmpd/message.c
===================================================================
RCS file: /cvs/src/sbin/isakmpd/message.c,v
retrieving revision 1.49
diff -u -r1.49 message.c
--- sbin/isakmpd/message.c 26 Mar 2002 13:19:28 -0000 1.49
+++ sbin/isakmpd/message.c 5 Jul 2002 12:11:57 -0000
@@ -497,6 +505,14 @@
 struct exchange *exchange = msg->exchange;
 size_t len = GET_ISAKMP_GEN_LENGTH (p->p);
+ if (!exchange)
+ {
+ /* We should have an exchange at this point. */
+ log_print ("message_validate_id: payload out of sequence");
+ message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+ return -1;
+ }
+
 if (exchange->doi && exchange->doi->validate_id_information (GET_ISAKMP_ID_TYPE (p->p), p->p + ISAKMP_ID_DOI_DATA_OFF,
@@ -517,6 +533,14 @@
 struct exchange *exchange = msg->exchange;
 size_t len = GET_ISAKMP_GEN_LENGTH (p->p);
+ if (!exchange)
+ {
+ /* We should have an exchange at this point. */
+ log_print ("message_validate_key_exch: payload out of sequence");
+ message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+ return -1;
+ }
+
 if (exchange->doi && exchange->doi->validate_key_information (p->p + ISAKMP_KE_DATA_OFF, len - ISAKMP_KE_DATA_OFF))
@@ -531,6 +555,14 @@
 static int message_validate_nonce (struct message *msg, struct payload *p) {
+ if (!msg->exchange)
+ {
+ /* We should have an exchange at this point. */
+ log_print ("message_validate_nonce: payload out of sequence");
+ message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+ return -1;
+ }
+
 /* Nonces require no specific validation. */
 return 0;
 }
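Review bot: The eight-line out-of-sequence guard added at the top of message_validate_id is repeated verbatim, with only the function name inside the log string changed, in message_validate_key_exch, message_validate_nonce, message_validate_proposal, message_validate_sig, message_validate_transform and message_validate_vendor. Folding it into one static helper that logs, drops the message and returns -1 would keep the seven copies from drifting apart and makes it obvious which validators carry the check and which do not. Any other message_validate_* function that dereferences msg->exchange but is not touched by this diff would need the same guard; none are visible from here, so that is worth confirming against the full file. The bodies of message_validate_id and message_validate_key_exch continue past their hunks.
```c
/* Drop MSG as PAYLOAD_MALFORMED when a payload arrives before its exchange
   exists; WHERE names the calling validator for the log line.  */
static int
message_check_exchange (struct message *msg, const char *where)
{
  if (msg->exchange)
    return 0;
  log_print ("%s: payload out of sequence", where);
  message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
  return -1;
}

/* … unchanged: message_validate_id local declarations … */
  if (message_check_exchange (msg, "message_validate_id"))
    return -1;
/* … unchanged: rest of message_validate_id; same two-line call replaces the copied guard in the other six validators … */
```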
@@ -603,6 +635,14 @@
 u_int8_t proto = GET_ISAKMP_PROP_PROTO (p->p);
 u_int8_t *sa = p->context->p;
+ if (!msg->exchange)
+ {
+ /* We should have an exchange at this point. */
+ log_print ("message_validate_proposal: payload out of sequence");
+ message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+ return -1;
+ }
+
 if (proto != ISAKMP_PROTO_ISAKMP && msg->exchange->doi->validate_proto (proto)) {
@@ -732,6 +772,14 @@
 static int message_validate_sig (struct message *msg, struct payload *p) {
+ if (!msg->exchange)
+ {
+ /* We should have an exchange at this point. */
+ log_print ("message_validate_sig: payload out of sequence");
+ message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+ return -1;
+ }
+
 /* XXX Not implemented yet. */
 return 0;
 }
@@ -743,6 +791,14 @@
 u_int8_t proto = GET_ISAKMP_PROP_PROTO (p->context->p);
 u_int8_t *prop = p->context->p;
+ if (!msg->exchange)
+ {
+ /* We should have an exchange at this point. */
+ log_print ("message_validate_transform: payload out of sequence");
+ message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+ return -1;
+ }
+
 if (msg->exchange->doi ->validate_transform_id (proto, GET_ISAKMP_TRANSFORM_ID (p->p))) {
@@ -787,6 +843,14 @@
 static int message_validate_vendor (struct message *msg, struct payload *p) {
+ if (!msg->exchange)
+ {
+ /* We should have an exchange at this point. */
+ log_print ("message_validate_vendor: payload out of sequence");
+ message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+ return -1;
+ }
+
 /* Vendor IDs are only allowed in phase 1. */
 if (msg->exchange->phase != 1) {
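Review bot: After the new guard, message_validate_proposal still calls straight through `msg->exchange->doi->validate_proto (proto)` without checking that `msg->exchange->doi` is set, and message_validate_transform in the `@@ -743` hunk does the same with `msg->exchange->doi->validate_transform_id`, whereas message_validate_id and message_validate_key_exch in this same patch test `exchange->doi &&` before calling through it. Whether an exchange can exist with a NULL doi when a proposal or transform payload is validated cannot be determined from this diff; if it can, the same class of null dereference the patch is closing survives in these two functions. Either guard them the same way, e.g. `if (proto != ISAKMP_PROTO_ISAKMP && msg->exchange->doi && msg->exchange->doi->validate_proto (proto))`, or add a comment stating why doi is guaranteed non-NULL at this point. Both functions' bodies continue past their hunks.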