From f09aa50116225d537aca6a8944e39036b0501333 Mon Sep 17 00:00:00 2001 From: bodea Date: Tue, 14 Jun 2005 04:47:24 +0000 Subject: [PATCH 1/1] fix segv in unhide_value --- Changes | 1 + l2tpns.c | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Changes b/Changes index 9c790f7..a1f3126 100644 --- a/Changes +++ b/Changes @@ -8,6 +8,7 @@ - Clarify usage of shutdown signals in documentation. - Always initialise PRNG. - Sanity check length of random_vector. +- Fix segv in unhide_value. * Sun Jun 5 2005 Brendan O'Dea 2.1.0 - Add IPv6 support from Jonathan McDowell. diff --git a/l2tpns.c b/l2tpns.c index bd255a3..7ce6e6b 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.110 2005/06/14 03:36:23 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.111 2005/06/14 04:47:24 bodea Exp $"; #include #include @@ -2024,8 +2024,6 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) continue; } - LOG(4, s, t, "Hidden AVP\n"); - // Unhide the AVP unhide_value(b, n, mtype, session[s].random_vector, session[s].random_vector_length); @@ -2046,7 +2044,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) n = orig_len; } - LOG(4, s, t, " AVP %d (%s) len %d\n", mtype, avp_name(mtype), n); + LOG(4, s, t, " AVP %d (%s) len %d%s%s\n", mtype, avp_name(mtype), n, + flags & 0x40 ? ", hidden" : "", flags & 0x80 ? ", mandatory" : ""); + switch (mtype) { case 0: // message type @@ -5011,11 +5011,11 @@ static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vec uint8_t digest[16]; uint8_t *last; size_t d = 0; + uint16_t m = htons(type); // Compute initial pad MD5Init(&ctx); - MD5Update(&ctx, (uint8_t) (type >> 8) & 0xff, 1); - MD5Update(&ctx, (uint8_t) type & 0xff, 1); + MD5Update(&ctx, (unsigned char *) &m, 2); MD5Update(&ctx, config->l2tpsecret, strlen(config->l2tpsecret)); MD5Update(&ctx, vector, vec_len); MD5Final(digest, &ctx); -- 2.20.1