diff options
author | Emanuel Haupt <ehaupt@FreeBSD.org> | 2017-11-14 13:21:03 +0000 |
---|---|---|
committer | Emanuel Haupt <ehaupt@FreeBSD.org> | 2017-11-14 13:21:03 +0000 |
commit | c94f67f402bdc50e639d2046b5bb8919de9ef038 (patch) | |
tree | c58f1a8718ee72e6d888769b05e3e3695b6dc189 /security/vpnc | |
parent | f7afbb284cce148a0a87cb251b22725f403d4a50 (diff) | |
download | ports-c94f67f402bdc50e639d2046b5bb8919de9ef038.tar.gz ports-c94f67f402bdc50e639d2046b5bb8919de9ef038.zip |
Fix an issue where vpnc cannot connect to AVM Fritzbox VPNs because of wrongly
reported lifetimes.
PR: 223664
Submitted by: stefan.wendler@tngtech.com
Notes
Notes:
svn path=/head/; revision=454173
Diffstat (limited to 'security/vpnc')
-rw-r--r-- | security/vpnc/Makefile | 2 | ||||
-rw-r--r-- | security/vpnc/files/patch-vpnc.c | 42 |
2 files changed, 39 insertions, 5 deletions
diff --git a/security/vpnc/Makefile b/security/vpnc/Makefile index 2fd0d87eec6c..f5990eb77ee5 100644 --- a/security/vpnc/Makefile +++ b/security/vpnc/Makefile @@ -3,7 +3,7 @@ PORTNAME= vpnc PORTVERSION= 0.5.3 -PORTREVISION= 12 +PORTREVISION= 13 CATEGORIES= security MASTER_SITES= http://www.unix-ag.uni-kl.de/~massar/vpnc/ \ LOCAL/ehaupt diff --git a/security/vpnc/files/patch-vpnc.c b/security/vpnc/files/patch-vpnc.c index 467a553f671b..5cf6a41ef88a 100644 --- a/security/vpnc/files/patch-vpnc.c +++ b/security/vpnc/files/patch-vpnc.c @@ -1,6 +1,40 @@ ---- ./vpnc.c.orig 2011-02-25 20:17:00.000000000 +0100 -+++ ./vpnc.c 2011-02-25 20:18:49.000000000 +0100 -@@ -2861,28 +2861,34 @@ +--- vpnc.c.orig 2008-11-19 21:55:51.000000000 +0100 ++++ vpnc.c 2017-11-10 13:09:32.996639000 +0100 +@@ -1160,8 +1160,11 @@ + value = a->next->u.attr_16; + else if (a->next->af == isakmp_attr_lots && a->next->u.lots.length == 4) + value = ntohl(*((uint32_t *) a->next->u.lots.data)); +- else +- assert(0); ++ else { ++ DEBUG(2, printf("got unknown ike lifetime attributes af %d len %d\n", ++ a->next->af, a->next->u.lots.length)); ++ return; ++ } + + DEBUG(2, printf("got ike lifetime attributes: %d %s\n", value, + (a->u.attr_16 == IKE_LIFE_TYPE_SECONDS) ? "seconds" : "kilobyte")); +@@ -1578,6 +1581,19 @@ + seen_natd_them = 1; + } + break; ++ case ISAKMP_PAYLOAD_N: ++ if (rp->u.n.type == ISAKMP_N_IPSEC_RESPONDER_LIFETIME) { ++ if (rp->u.n.protocol == ISAKMP_IPSEC_PROTO_ISAKMP) ++ lifetime_ike_process(s, rp->u.n.attributes); ++ else if (rp->u.n.protocol == ISAKMP_IPSEC_PROTO_IPSEC_ESP) ++ lifetime_ipsec_process(s, rp->u.n.attributes); ++ else ++ DEBUG(2, printf("got unknown lifetime notice, ignoring..\n")); ++ } else { ++ DEBUG(1, printf("rejecting ISAKMP_PAYLOAD_N, type is not lifetime\n")); ++ reject = ISAKMP_N_INVALID_PAYLOAD_TYPE; ++ } ++ break; + default: + DEBUG(1, printf("rejecting invalid payload type %d\n", rp->type)); + reject = ISAKMP_N_INVALID_PAYLOAD_TYPE; +@@ -2861,28 +2877,34 @@ free(dh_shared_secret); free_isakmp_packet(r); @@ -52,7 +86,7 @@ } s->ipsec.rx.seq_id = s->ipsec.tx.seq_id = 1; -@@ -3224,9 +3230,14 @@ +@@ -3224,9 +3246,14 @@ */ /* FIXME: any cleanup needed??? */ |