matthias
/
iproute2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[iproute2] XFRM: fixing IPsec algorithm key 

(Logical change 1.82)
This commit is contained in:
org[shemminger]!nakam 2004-09-28 18:36:52 +00:00
parent 67efda2412
commit 54f7328aec
1 changed files with 22 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
ip/xfrm_state.c
View File

@ -114,34 +114,35 @@ static int xfrm_algo_parse(struct xfrm_algo *alg, enum xfrm_attr_type_t type,
strncpy(alg->alg_name, name, sizeof(alg->alg_name)); strncpy(alg->alg_name, name, sizeof(alg->alg_name));
if (slen > 2 && strncmp(key, "0x", 2) == 0) { if (slen > 2 && strncmp(key, "0x", 2) == 0) {
/* /* split two chars "0x" from the top */
* XXX: fix me!! char *p = key + 2;
int plen = slen - 2;
int i;
int j;
/* Converting hexadecimal numbered string into real key;
* Convert each two chars into one char(value). If number
* of the length is odd, add zero on the top for rounding.
*/ */
union {
__u64 x;
unsigned char p[8];
} val;
memset(&val, 0, sizeof(val)); /* calculate length of the converted values(real key) */
len = (plen + 1) / 2;
if (len > max)
invarg("\"ALGOKEY\" makes buffer overflow\n", key);
if (get_u64(&val.x, key, 16)) for (i = - (plen % 2), j = 0; j < len; i += 2, j++) {
invarg("\"ALGOKEY\" is invalid", key); char vbuf[3];
char val;
len = (slen - 2) / 2; vbuf[0] = i >= 0 ? p[i] : '0';
if (len > sizeof(val)) vbuf[1] = p[i + 1];
invarg("\"ALGOKEY\" is invalid: too large", key); vbuf[2] = '\0';
if (len > 0) { if (get_u8(&val, vbuf, 16))
int i; invarg("\"ALGOKEY\" is invalid", key);
if (len > max) alg->alg_key[j] = val;
invarg("\"ALGOKEY\" makes buffer overflow\n", key);
for (i = sizeof(val.p) - 1; i >= 0; i--) {
int j = sizeof(val.p) - 1 - i;
alg->alg_key[j] = val.p[i];
}
} }
} else { } else {
len = slen; len = slen;
if (len > 0) { if (len > 0) {