Hello tech@,

Here is a small initial patch related to message fragmentation. ikev2_msg_decrypt() claims to strip the padding from the decrypted IKE payloads, but actually leaves it tacked on the end of the returned ibuf. This is fine in the unfragmented case since the inner payloads have their own lengths, but it is awkward to use the returned ibuf directly as input to a fragment queue.

The patch below sets the proper size on the returned ibuf. The code still functions well for me even in the unfragmented case.

-TimS

Index: ikev2_msg.c
===================================================================
RCS file: /cvs/src/sbin/iked/ikev2_msg.c,v
retrieving revision 1.53
diff -u -p -u -p -r1.53 ikev2_msg.c
--- ikev2_msg.c 27 Nov 2017 18:39:35 -0000      1.53
+++ ikev2_msg.c 18 Jul 2018 00:18:45 -0000
@@ -616,7 +616,7 @@ ikev2_msg_decrypt(struct iked *env, stru
            __func__, outlen, encrlen, pad);
        print_hex(ibuf_data(out), 0, ibuf_size(out));

-       if (ibuf_setsize(out, outlen) != 0)
+       if (ibuf_setsize(out, outlen - pad - 1) != 0)
                goto done;

        ibuf_release(src);
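Review bot: the new size `outlen - pad - 1` is only safe when `pad + 1 <= outlen` holds; if `pad` is taken from the last plaintext octet and that invariant is not enforced before this point, the subtraction wraps for an unsigned `outlen` and ibuf_setsize() is asked for a huge size. The debug line above shows `pad` is already known here, so either confirm the earlier code rejects `pad + 1 > outlen` before reaching the ibuf_setsize() call, or add `if (pad + 1 > outlen) goto done;` ahead of it so a malformed pad-length byte fails cleanly.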

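The computation the patch introduces, written out as a stand-alone example (added here; it is not iked code and the function name `example_strip_ikev2_padding` is hypothetical). An IKEv2 Encrypted payload's plaintext ends with padding followed by one Pad Length octet, so the inner payloads occupy `outlen - pad - 1` bytes; the example also performs the bounds check a decryptor needs before that subtraction, returning -1 instead of a wrapped size when the pad-length byte claims more padding than the buffer holds. The two sample buffers are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/*
 * Hypothetical helper (not part of iked): given the decrypted plaintext of
 * an IKEv2 Encrypted payload and its length, return how many leading bytes
 * are inner payloads, i.e. the length with the padding and the trailing
 * Pad Length octet removed.  Returns -1 when the Pad Length octet does not
 * fit inside the buffer, so the caller never sees a wrapped size_t.
 */
ssize_t
example_strip_ikev2_padding(const uint8_t *buf, size_t outlen)
{
	size_t pad;

	if (outlen < 1)		/* no room for the Pad Length octet */
		return -1;
	pad = buf[outlen - 1];	/* last octet is the pad length */

	/* the pad bytes plus the Pad Length octet must fit in outlen */
	if (pad + 1 > outlen)
		return -1;

	return (ssize_t)(outlen - pad - 1);	/* same arithmetic as the patch */
}

/* Constructed sample: 5 inner bytes, 2 pad bytes, Pad Length octet = 2. */
static const uint8_t example_good[] = { 1, 2, 3, 4, 5, 0, 0, 2 };
/* Constructed malformed sample: 3 bytes, but Pad Length octet claims 5. */
static const uint8_t example_bad[] = { 1, 2, 5 };

ssize_t
example_good_len(void)
{
	return example_strip_ikev2_padding(example_good, sizeof(example_good));
}

ssize_t
example_bad_len(void)
{
	return example_strip_ikev2_padding(example_bad, sizeof(example_bad));
}

int
main(void)
{
	printf("good: inner length %zd\n", example_good_len());
	printf("bad:  result %zd\n", example_bad_len());
	return 0;
}
```

`example_good_len()` yields 5 (8 bytes minus 2 pad bytes minus the Pad Length octet), and `example_bad_len()` yields -1 rather than the wrapped value that `3 - 5 - 1` would produce in unsigned arithmetic.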