Date:      Tue, 14 Nov 2017 13:21:04 +0000 (UTC)
From:      Emanuel Haupt <ehaupt@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r454173 - in head/security/vpnc: . files
Message-ID:  <201711141321.vAEDL4Gh046805@repo.freebsd.org>

Author: ehaupt
Date: Tue Nov 14 13:21:03 2017
New Revision: 454173
URL: https://svnweb.freebsd.org/changeset/ports/454173

Log:
  Fix an issue where vpnc cannot connect to AVM Fritzbox VPNs because of wrongly
  reported lifetimes.
  
  PR:		223664
  Submitted by:	stefan.wendler@tngtech.com

Modified:
  head/security/vpnc/Makefile
  head/security/vpnc/files/patch-vpnc.c

Modified: head/security/vpnc/Makefile
==============================================================================
--- head/security/vpnc/Makefile	Tue Nov 14 12:40:31 2017	(r454172)
+++ head/security/vpnc/Makefile	Tue Nov 14 13:21:03 2017	(r454173)
@@ -3,7 +3,7 @@
 
 PORTNAME=	vpnc
 PORTVERSION=	0.5.3
-PORTREVISION=	12
+PORTREVISION=	13
 CATEGORIES=	security
 MASTER_SITES=	http://www.unix-ag.uni-kl.de/~massar/vpnc/ \
 		LOCAL/ehaupt

Modified: head/security/vpnc/files/patch-vpnc.c
==============================================================================
--- head/security/vpnc/files/patch-vpnc.c	Tue Nov 14 12:40:31 2017	(r454172)
+++ head/security/vpnc/files/patch-vpnc.c	Tue Nov 14 13:21:03 2017	(r454173)
@@ -1,6 +1,40 @@
---- ./vpnc.c.orig	2011-02-25 20:17:00.000000000 +0100
-+++ ./vpnc.c	2011-02-25 20:18:49.000000000 +0100
-@@ -2861,28 +2861,34 @@
+--- vpnc.c.orig	2008-11-19 21:55:51.000000000 +0100
++++ vpnc.c	2017-11-10 13:09:32.996639000 +0100
+@@ -1160,8 +1160,11 @@
+ 		value = a->next->u.attr_16;
+ 	else if (a->next->af == isakmp_attr_lots && a->next->u.lots.length == 4)
+ 		value = ntohl(*((uint32_t *) a->next->u.lots.data));
+-	else
+-		assert(0);
++	else {
++		DEBUG(2, printf("got unknown ike lifetime attributes af %d len %d\n",
++					a->next->af, a->next->u.lots.length));
++		return;
++	}
+ 	
+ 	DEBUG(2, printf("got ike lifetime attributes: %d %s\n", value,
+ 		(a->u.attr_16 == IKE_LIFE_TYPE_SECONDS) ? "seconds" : "kilobyte"));
+@@ -1578,6 +1581,19 @@
+ 						seen_natd_them = 1;
+ 				}
+ 				break;
++			case ISAKMP_PAYLOAD_N:
++				if (rp->u.n.type == ISAKMP_N_IPSEC_RESPONDER_LIFETIME) {
++					if (rp->u.n.protocol == ISAKMP_IPSEC_PROTO_ISAKMP)
++						lifetime_ike_process(s, rp->u.n.attributes);
++					else if (rp->u.n.protocol == ISAKMP_IPSEC_PROTO_IPSEC_ESP)
++						lifetime_ipsec_process(s, rp->u.n.attributes);
++					else
++						DEBUG(2, printf("got unknown lifetime notice, ignoring..\n"));
++				} else {
++					DEBUG(1, printf("rejecting ISAKMP_PAYLOAD_N, type is not lifetime\n"));
++					reject = ISAKMP_N_INVALID_PAYLOAD_TYPE;
++				}
++				break;
+ 			default:
+ 				DEBUG(1, printf("rejecting invalid payload type %d\n", rp->type));
+ 				reject = ISAKMP_N_INVALID_PAYLOAD_TYPE;
+@@ -2861,28 +2877,34 @@
  		free(dh_shared_secret);
  		free_isakmp_packet(r);
  		
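Review bot: The new `ISAKMP_PAYLOAD_N` case (inner hunk at -1578) passes `rp->u.n.attributes` from the peer's packet straight to `lifetime_ike_process()` and `lifetime_ipsec_process()`, and the visible part of `lifetime_ike_process()` dereferences `a->next` with no check in view. Any guards on `a` and `a->next` sit above the first inner hunk, outside what is shown; if they are `assert()`s like the one this commit removes, a notify carrying an empty or single-attribute list would still abort the client, so I would guard at the call site with `if (rp->u.n.attributes == NULL || rp->u.n.attributes->next == NULL) break;` before the protocol dispatch. Separately, the new debug line prints `a->next->u.lots.length` even when `a->next->af` is not `isakmp_attr_lots`, so the logged length may be meaningless; printing only `af` in that branch would be cleaner. Both functions and the enclosing payload switch begin and end outside the hunk.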
@@ -52,7 +86,7 @@
  		}
  		
  		s->ipsec.rx.seq_id = s->ipsec.tx.seq_id = 1;
-@@ -3224,9 +3230,14 @@
+@@ -3224,9 +3246,14 @@
  			 */
  			/* FIXME: any cleanup needed??? */
  


