Module Name: src
Committed By: christos
Date: Sun Jul 23 05:40:28 UTC 2017
Modified Files:
src/crypto/dist/ipsec-tools/src/racoon: isakmp_frag.c
Log Message:
PR/51682: Antoine Beaupré: Simplify and comment previous patch.
XXX: pullup-8
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c:1.6 src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c:1.7
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c:1.6 Tue Jan 24 14:23:31 2017
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c Sun Jul 23 01:40:27 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_frag.c,v 1.6 2017/01/24 19:23:31 christos Exp $ */
+/* $NetBSD: isakmp_frag.c,v 1.7 2017/07/23 05:40:27 christos Exp $ */
/* Id: isakmp_frag.c,v 1.4 2004/11/13 17:31:36 manubsd Exp */
@@ -179,20 +179,26 @@ isakmp_frag_insert(struct ph1handle *iph
struct isakmp_frag_item *pitem = NULL;
struct isakmp_frag_item *citem = iph1->frag_chain;
+ /* no frag yet, just insert at beginning of list */
if (iph1->frag_chain == NULL) {
iph1->frag_chain = item;
return 0;
}
do {
+ /* duplicate fragment number, abort (CVE-2016-10396) */
if (citem->frag_num == item->frag_num)
return -1;
+ /* need to insert before current item */
if (citem->frag_num > item->frag_num) {
- if (pitem)
+ if (pitem != NULL)
pitem->frag_next = item;
+ else
+ /* insert at the beginning of the list */
+ iph1->frag_chain = item;
item->frag_next = citem;
- break;
+ return 0;
}
pitem = citem;
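Review bot: Two of the three insertion paths never write `item->frag_next`: the empty-chain case here (`iph1->frag_chain = item; return 0;`) and the tail insert `pitem->frag_next = item;` in the last hunk. Both rely on the caller having set the new item's link to NULL, and the caller is not visible in this diff. Because the chain is built from fragments received off the network, an unterminated list would send later traversal past its end. Adding `item->frag_next = NULL;` before each of those two stores would make the function self-contained. The function's opening lines fall outside the hunk.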
@@ -200,8 +206,7 @@ isakmp_frag_insert(struct ph1handle *iph
} while (citem != NULL);
/* we reached the end of the list, insert */
- if (citem == NULL)
- pitem->frag_next = item;
+ pitem->frag_next = item;
return 0;
}
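Review bot: With the `if (citem == NULL)` guard removed, `pitem->frag_next = item;` dereferences `pitem` unconditionally, and nothing at that line says why it cannot be NULL. It is safe in the visible code because the empty-chain case returns early and the do-while body runs at least once, so `pitem` holds the last element when the loop falls through. I would extend the comment to record that, e.g. `/* end of list reached: pitem is the last element (chain was non-empty, so the loop ran at least once) */`, so a later change to the loop shape does not silently reintroduce a NULL dereference. The loop's advance statement and the function's opening lines are outside the visible hunks.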