8927 sadb_x_kmc_t's KM cookie should be 64-bits (fix improper upstream)
@@ -2328,11 +2328,16 @@
sq->kmc = 0;
sq->kmp = 0;
if ((match & IPSA_Q_KMC) && (sq->kmcext)) {
sq->kmp = sq->kmcext->sadb_x_kmc_proto;
- /* Be liberal in what we receive. Special-case IKEv1. */
+ /*
+ * Be liberal in what we receive. Special-case the IKEv1
+ * cookie, which closed-source in.iked assumes is 32 bits.
+ * Now that we store all 64 bits, we should pre-zero the
+ * reserved field on behalf of closed-source in.iked.
+ */
if (sq->kmp == SADB_X_KMP_IKE) {
/* Just in case in.iked is misbehaving... */
sq->kmcext->sadb_x_kmc_reserved = 0;
}
sq->kmc = sq->kmcext->sadb_x_kmc_cookie64;
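Review bot: The rewritten comment in this hunk explains that the reserved field is pre-zeroed, but not why the store must come before the `sadb_x_kmc_cookie64` read on the last line. Presumably `sadb_x_kmc_reserved` overlays half of `sadb_x_kmc_cookie64`; the declaration is not in the hunk, so confirm against the header. If so, leftover bits from in.iked would end up in the stored 64-bit cookie. I would add a closing sentence to the block comment such as `* sadb_x_kmc_reserved shares storage with sadb_x_kmc_cookie64, so clear it before the 64-bit read below.` The inner `/* Just in case in.iked is misbehaving... */` now repeats the block comment and could be dropped. The same comment and ordering dependency appear in the hunk at 3140, and both enclosing functions start and end outside the hunks.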
@@ -3135,11 +3140,16 @@
newbie->ipsa_addtime = gethrestime_sec();
if (kmcext != NULL) {
newbie->ipsa_kmp = kmcext->sadb_x_kmc_proto;
- /* Be liberal in what we receive. Special-case IKEv1. */
+ /*
+ * Be liberal in what we receive. Special-case the IKEv1
+ * cookie, which closed-source in.iked assumes is 32 bits.
+ * Now that we store all 64 bits, we should pre-zero the
+ * reserved field on behalf of closed-source in.iked.
+ */
if (newbie->ipsa_kmp == SADB_X_KMP_IKE) {
/* Just in case in.iked is misbehaving... */
kmcext->sadb_x_kmc_reserved = 0;
}
newbie->ipsa_kmc = kmcext->sadb_x_kmc_cookie64;