Print this page
8927 sadb_x_kmc_t's KM cookie should be 64-bits (fix improper upstream)
*** 2328,2338 ****
sq->kmc = 0;
sq->kmp = 0;
if ((match & IPSA_Q_KMC) && (sq->kmcext)) {
sq->kmp = sq->kmcext->sadb_x_kmc_proto;
! /* Be liberal in what we receive. Special-case IKEv1. */
if (sq->kmp == SADB_X_KMP_IKE) {
/* Just in case in.iked is misbehaving... */
sq->kmcext->sadb_x_kmc_reserved = 0;
}
sq->kmc = sq->kmcext->sadb_x_kmc_cookie64;
--- 2328,2343 ----
sq->kmc = 0;
sq->kmp = 0;
if ((match & IPSA_Q_KMC) && (sq->kmcext)) {
sq->kmp = sq->kmcext->sadb_x_kmc_proto;
! /*
! * Be liberal in what we receive. Special-case the IKEv1
! * cookie, which closed-source in.iked assumes is 32 bits.
! * Now that we store all 64 bits, we should pre-zero the
! * reserved field on behalf of closed-source in.iked.
! */
if (sq->kmp == SADB_X_KMP_IKE) {
/* Just in case in.iked is misbehaving... */
sq->kmcext->sadb_x_kmc_reserved = 0;
}
sq->kmc = sq->kmcext->sadb_x_kmc_cookie64;
*** 3135,3145 ****
newbie->ipsa_addtime = gethrestime_sec();
if (kmcext != NULL) {
newbie->ipsa_kmp = kmcext->sadb_x_kmc_proto;
! /* Be liberal in what we receive. Special-case IKEv1. */
if (newbie->ipsa_kmp == SADB_X_KMP_IKE) {
/* Just in case in.iked is misbehaving... */
kmcext->sadb_x_kmc_reserved = 0;
}
newbie->ipsa_kmc = kmcext->sadb_x_kmc_cookie64;
--- 3140,3155 ----
newbie->ipsa_addtime = gethrestime_sec();
if (kmcext != NULL) {
newbie->ipsa_kmp = kmcext->sadb_x_kmc_proto;
! /*
! * Be liberal in what we receive. Special-case the IKEv1
! * cookie, which closed-source in.iked assumes is 32 bits.
! * Now that we store all 64 bits, we should pre-zero the
! * reserved field on behalf of closed-source in.iked.
! */
if (newbie->ipsa_kmp == SADB_X_KMP_IKE) {
/* Just in case in.iked is misbehaving... */
kmcext->sadb_x_kmc_reserved = 0;
}
newbie->ipsa_kmc = kmcext->sadb_x_kmc_cookie64;