From 49efd9a4da061812bda02beecc4a38979acd4d4b Mon Sep 17 00:00:00 2001
From: thorpej <thorpej>
Date: Fri, 4 Aug 2000 00:25:04 +0000
Subject: Fix a bug where the parser would fail if a keylength was not
 explicitly specified in a Phase-1 proposal statement.

Patch sent to sakane@kame.net.
---
 security/racoon/files/patch-sum  |  3 ++-
 security/racoon/patches/patch-ae | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 security/racoon/patches/patch-ae

(limited to 'security')

diff --git a/security/racoon/files/patch-sum b/security/racoon/files/patch-sum
index f001d2487ed..371025b1700 100644
--- a/security/racoon/files/patch-sum
+++ b/security/racoon/files/patch-sum
@@ -1,6 +1,7 @@
-$NetBSD: patch-sum,v 1.3 2000/07/30 16:56:37 itojun Exp $
+$NetBSD: patch-sum,v 1.4 2000/08/04 00:25:04 thorpej Exp $
 
 MD5 (patch-aa) = 09219a5e174dfd1af277d60c01e84a1d
 MD5 (patch-ab) = 1a2944fbce4cee174eade2cc0726c0ef
 MD5 (patch-ac) = 148e0972689931384d1c55d4f99d3f66
 MD5 (patch-ad) = 4a68eee8591dd85c8b17ba154b75c642
+MD5 (patch-ae) = d1c0c3ab86e0fd55f76520483f6559bd
diff --git a/security/racoon/patches/patch-ae b/security/racoon/patches/patch-ae
new file mode 100644
index 00000000000..cf2ab7f01a9
--- /dev/null
+++ b/security/racoon/patches/patch-ae
@@ -0,0 +1,37 @@
+$NetBSD: patch-ae,v 1.1 2000/08/04 00:25:06 thorpej Exp $
+--- cfparse.y.orig	Thu Aug  3 16:14:39 2000
++++ cfparse.y	Thu Aug  3 16:19:14 2000
+@@ -1107,6 +1107,7 @@
+ 	|	ALGORITHM_CLASS ALGORITHMTYPE keylength EOS
+ 		{
+ 			int doi;
++			int defklen;
+ 
+ 			doi = algtype2doi($1, $2);
+ 			if (doi == -1) {
+@@ -1116,9 +1117,22 @@
+ 			switch ($1) {
+ 			case algclass_isakmp_enc:
+ 				prhead->spspec->algclass[algclass_isakmp_enc] = doi;
+-				if (check_keylen($1, $2, $3) == -1)
+-					return -1;
+-				prhead->spspec->encklen = $3;
++				defklen = default_keylen($1, $2);
++				if (defklen == 0) {
++					if ($3) {
++						yyerror("keylen not allowed");
++						return -1;
++					}
++				} else {
++					if ($3 && check_keylen($1, $2, $3) < 0) {
++						yyerror("invalid keylen %d", $3);
++						return -1;
++					}
++				}
++				if ($3)
++					prhead->spspec->encklen = $3;
++				else
++					prhead->spspec->encklen = defklen;
+ 				break;
+ 			case algclass_isakmp_hash:
+ 				prhead->spspec->algclass[algclass_isakmp_hash] = doi;
-- 
cgit v1.2.3