Attachment #182827 for bug #218907




    if (len > TCP_KEYLEN_MAX)
      ERR_MSG("The password for TCP MD5 Signature is too long");

    if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0 ||
	setkey_md5(&dst, &src, passwd, SADB_ADD) < 0)
      ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");
  }
  else
  {
    if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0 &&
	setkey_md5(&dst, &src, NULL, SADB_DELETE) < 0)
      ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");
  }
  return 0;

Return to bug 218907

Lines 158-169 sk_set_md5_in_sasp_db(sock *s, ip_addr local, ip_addr Link Here

(-)sysdep/bsd/setkey.h (-2 / +4 lines)
158	if (len > TCP_KEYLEN_MAX)	158	if (len > TCP_KEYLEN_MAX)
159	ERR_MSG("The password for TCP MD5 Signature is too long");	159	ERR_MSG("The password for TCP MD5 Signature is too long");
160		160
161	if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0)	161	if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0 \|\|
		162	setkey_md5(&dst, &src, passwd, SADB_ADD) < 0)
162	ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");	163	ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");
163	}	164	}
164	else	165	else
165	{	166	{
166	if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0)	167	if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0 &&
		168	setkey_md5(&dst, &src, NULL, SADB_DELETE) < 0)
167	ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");	169	ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");
168	}	170	}
169	return 0;	171	return 0;