[Openswan dev] Fix for off-by-one bug in id.c

Paul Wouters paul at xelerance.com
Fri Mar 12 00:20:18 EST 2010

On Thu, 11 Mar 2010, Michael H. Warfield wrote:

> I've mentioned this one in a couple of messages on-list and in private
> E-Mail to Paul.  There's an off-by-one bug in id.c impacting the
> leftid=@[foo] notation (key = foo key_id_type = KEY_ID) which is rather
> obscure to begin with.  leftid=@[foo works properly but leftid=@[foo] is
> supposed to discard the trailing ']' and is not because the check is off
> by one character.  The attached patch fixes that...
> Please apply.  We need it for some classes of Cisco ASA devices.

I have applied it.

> Some of that syntax should be documented in the man pages but me and XML
> get along like garlic and vampires.  Sorry...

Could you look in /etc/ipsec.d/examples/ and give me such an example for
connecting to the Cisco ASA? I'd like to add that example. That should also
give me enough information to update the man page with the @[foo] syntax.

Thanks for your time and patch! I know you spend a lot of time on this.
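
Added example, not part of this message and not Openswan's id.c: a constructed C sketch of the class of bug described in the quoted report, where the test for a trailing ']' looks one character past the last one. The function names, the `buggy` switch and the sample ids are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Openswan code): copy the key id out of
 * "@[foo]" or "@[foo". Returns the id length, or -1 when the "@["
 * prefix is missing or out is too small. */
int keyid_body(const char *src, char *out, size_t outlen, int buggy)
{
    size_t len;

    if (strncmp(src, "@[", 2) != 0)
        return -1;
    src += 2;
    len = strlen(src);

    if (buggy) {
        /* Off by one: src[len] is always the terminating NUL, so the
         * bracket is never seen and "foo]" is kept as the id. */
        if (src[len] == ']')
            len--;
    } else {
        /* The last character is at len - 1; the len > 0 guard keeps
         * a bare "@[" from reading src[-1]. */
        if (len > 0 && src[len - 1] == ']')
            len--;
    }

    if (len + 1 > outlen)
        return -1;
    memcpy(out, src, len);
    out[len] = '\0';
    return (int)len;
}

/* Returns 1 when parsing input yields exactly expected. */
int keyid_is(const char *input, const char *expected, int buggy)
{
    char buf[64];
    return keyid_body(input, buf, sizeof buf, buggy) >= 0 &&
           strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed sample ids. */
    printf("fixed @[foo] -> foo:  %d\n", keyid_is("@[foo]", "foo", 0));
    printf("fixed @[foo  -> foo:  %d\n", keyid_is("@[foo", "foo", 0));
    printf("buggy @[foo] -> foo]: %d\n", keyid_is("@[foo]", "foo]", 1));
    return 0;
}
```

With the misplaced check, both peers would have to agree on the id "foo]" for "@[foo]" to match, which is why only the unbracketed spelling behaved as expected.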

