[Openswan dev] lost lines in modecfg code

Sascha.Grau at Stud.Tu-Ilmenau.De Sascha.Grau at Stud.Tu-Ilmenau.De
Thu Jan 20 11:11:41 CET 2005


I am still new in here, so please tell me if i got the wrong list.

While taking a look at pluto's xauth/modecfg code because of some non-standard behaviour of the
Netscreen device i am working with (does not end the xauth user/password transaction with an
Xauth_Status message if modecfg is enabled [changed some lines to work around this]), i noticed that
the parsing code for the modecfg attributes exists in the states 'modecfg_inI2' and 'modecfg_inR1'.
The first handles messages in server push mode, the other one does it in pull mode. This code is
equal in both state handlers except for the following lines:

1669: /* make sure that the port info is zeroed */
1670: setportof(0, &c->spd.this.client.addr);

They are absent in 'modecfg_inI2' and this leads to wrong Security Policies in server push mode,
because a local port number of 3336 is used instead of [any].

Probably this was already fixed due to some tests in client pull mode and the author forgot the
copy&pasted lines.

A simple first step is to add them in modecfg_inI2 too, but i think it would be better to put this
code into its own function.

Sascha Grau

More information about the Dev mailing list