[Openswan dev]
Re: [Openswan Users] [PATCH] openswan-1.0.0-roadwarrior-psk-rsa.diff
Mathieu Lafon
mlafon at arkoon.net
Wed Mar 17 16:50:27 CET 2004
On Fri, 12 Mar 2004, Mathieu Lafon wrote:
> I've made a patch to suppress one of pluto's current limitations: allow
> usage of both PSK and RSA authentication for roadwarriors.
>
> Comments are appreciated.
>
> Patch is against Openswan 1.0.0 and is available at
> http://open-source.arkoon.net/openswan.php
Patch has been updated to include a fix when an SPI is included in
ISAKMP Proposal (SSH Sentinel does that).
--
diff -ru openswan-1.0.0-psk-rsa/pluto/spdb.c
openswan-1.0.0-psk-rsa-2/pluto/spdb.c
--- openswan-1.0.0-psk-rsa/pluto/spdb.c Fri Mar 12 17:16:32 2004
+++ openswan-1.0.0-psk-rsa-2/pluto/spdb.c Wed Mar 17 17:44:16 2004
@@ -832,6 +832,17 @@
if (!in_struct(&proposal, &isakmp_proposal_desc, sa_pbs,
&proposal_pbs))
return LEMPTY;
+ if (proposal.isap_spisize > MAX_ISAKMP_SPI_SIZE)
+ return LEMPTY;
+
+ if (proposal.isap_spisize > 0)
+ {
+ u_char junk_spi[MAX_ISAKMP_SPI_SIZE];
+
+ if (!in_raw(junk_spi, proposal.isap_spisize, &proposal_pbs, "Oakley
SPI"))
+ return LEMPTY;
+ }
+
trans_left = proposal.isap_notrans;
while (trans_left--) {
if (!in_struct(&trans, &isakmp_isakmp_transform_desc, &proposal_pbs,
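Review bot: the size check at the top of the added block (`proposal.isap_spisize > MAX_ISAKMP_SPI_SIZE`) returns LEMPTY with no message, so nothing records that the proposal was refused because of its SPI length. I would log the offending size before returning. The check is correctly placed ahead of the `in_raw` into `junk_spi[MAX_ISAKMP_SPI_SIZE]`, so the peer-supplied length cannot overrun the stack buffer. A short comment saying the SPI is read only to be skipped, and that SSH Sentinel is a client that sends one, would explain the otherwise unused `junk_spi` to the next reader.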
--
Mathieu Lafon - Arkoon Network Security