FreeBSD Bugzilla – Attachment 161414 Details for
Bug 203308
wildcard patch in security/ipsec-tools breaks aggressive tunnels
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
ipsec-tools.diff (text/plain), 2.92 KB, created by
Kurt Jaeger
on 2015-09-26 11:14:25 UTC
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Kurt Jaeger
Created:
2015-09-26 11:14:25 UTC
Size:
2.92 KB
patch
obsolete
>diff -r -u -N security/ipsec-tools/files/patch-src-racoon-isakmp_cfg.c /home/pi/myp/security/ipsec-tools/files/patch-src-racoon-isakmp_cfg.c >--- security/ipsec-tools/files/patch-src-racoon-isakmp_cfg.c 2015-08-01 00:51:01.246537000 +0200 >+++ /home/pi/myp/security/ipsec-tools/files/patch-src-racoon-isakmp_cfg.c 2015-09-26 13:08:37.243554000 +0200 >@@ -1,4 +1,4 @@ >---- src/racoon/isakmp_cfg.c >+--- src/racoon/isakmp_cfg.c.orig 2013-04-12 10:04:21 UTC > +++ src/racoon/isakmp_cfg.c > @@ -38,7 +38,9 @@ > #include <sys/socket.h> >@@ -10,7 +10,7 @@ > #if defined(__APPLE__) && defined(__MACH__) > #include <util.h> > #endif >-@@ -1663,6 +1665,7 @@ >+@@ -1663,6 +1665,7 @@ isakmp_cfg_accounting_system(port, raddr > char *usr; > int inout; > { >@@ -18,7 +18,7 @@ > int error = 0; > struct utmpx ut; > char addr[NI_MAXHOST]; >-@@ -1706,6 +1709,7 @@ >+@@ -1706,6 +1709,7 @@ isakmp_cfg_accounting_system(port, raddr > plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n"); > break; > } >diff -r -u -N security/ipsec-tools/files/patch-src_racoon_gssapi.c /home/pi/myp/security/ipsec-tools/files/patch-src_racoon_gssapi.c >--- security/ipsec-tools/files/patch-src_racoon_gssapi.c 2015-08-01 00:51:01.248597000 +0200 >+++ /home/pi/myp/security/ipsec-tools/files/patch-src_racoon_gssapi.c 2015-09-26 13:08:37.007373000 +0200 >@@ -1,4 +1,4 @@ >---- src/racoon/gssapi.c.orig 2015-05-19 16:38:06 UTC >+--- src/racoon/gssapi.c.orig 2006-09-09 16:22:09 UTC > +++ src/racoon/gssapi.c > @@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1) > gss_name_t princ, canon_princ; >diff -r -u -N security/ipsec-tools/files/patch-src_racoon_oakley.c /home/pi/myp/security/ipsec-tools/files/patch-src_racoon_oakley.c >--- security/ipsec-tools/files/patch-src_racoon_oakley.c 1970-01-01 01:00:00.000000000 +0100 >+++ /home/pi/myp/security/ipsec-tools/files/patch-src_racoon_oakley.c 2015-09-26 13:08:37.706865000 +0200 >@@ -0,0 +1,31 @@ >+--- src/racoon/oakley.c.orig 2012-08-29 11:35:09 UTC >++++ src/racoon/oakley.c >+@@ -2391,6 +2391,7 @@ oakley_skeyid(iph1) >+ char *p; >+ int len; >+ int error = -1; >++ struct ipsecdoi_id_b *id_b; >+ >+ /* SKEYID */ >+ switch (iph1->approval->authmethod) { >+@@ -2400,7 +2401,19 @@ oakley_skeyid(iph1) >+ case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R: >+ #endif >+ if (iph1->etype != ISAKMP_ETYPE_IDENT) { >+- iph1->authstr = getpskbyname(iph1->id_p); >++ id_b = (struct ipsecdoi_id_b *)iph1->id_p->v; >++ >++ if (id_b->type != IPSECDOI_ID_IPV4_ADDR >++ && id_b->type != IPSECDOI_ID_IPV6_ADDR) { >++ iph1->authstr = getpskbyname(iph1->id_p); >++ } else { >++ struct sockaddr addr; >++ u_int8_t prefix; >++ u_int16_t ul_proto; >++ if (!ipsecdoi_id2sockaddr(iph1->id_p, &addr, &prefix, &ul_proto)) { >++ iph1->authstr = getpskbyaddr(&addr); >++ } >++ } >+ if (iph1->authstr == NULL) { >+ if (iph1->rmconf->verify_identifier) { >+ plog(LLV_ERROR, LOCATION, iph1->remote,
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 203308
:
161355
| 161414