Download raw body.
diff: iked, identity check
On Sat, 23 Mar 2024 12:44:11 +0900 (JST)
YASUOKA Masahiko <yasuoka@openbsd.org> wrote:
> Hello,
>
> I am testing iked with Android native IKEv2 client. It sends an
> identity response with length zero, but iked drops it. In RFC3748
> length zero is valid.
>
> In https://datatracker.ietf.org/doc/html/rfc3748#section-5.1
> | If the Identity is unknown, the Identity Response field should be
> | zero bytes in length.
>
> ok?
Let me update the diff.
ok?
Index: sbin/iked/eap.c
===================================================================
RCS file: /cvs/src/sbin/iked/eap.c,v
diff -u -p -r1.25 eap.c
--- sbin/iked/eap.c 18 Jul 2023 15:07:41 -0000 1.25
+++ sbin/iked/eap.c 23 Mar 2024 03:58:03 -0000
@@ -71,7 +71,12 @@ eap_validate_id_response(struct eap_mess
len = betoh16(eap->eap_length) - sizeof(*eap);
ptr += sizeof(*eap);
- if (len == 0 || (str = get_string(ptr, len)) == NULL) {
+ if (len == 0) {
+ if ((str = strdup("")) == NULL) {
+ log_warn("%s: strdup failed", __func__);
+ return (NULL);
+ }
+ } else if ((str = get_string(ptr, len)) == NULL) {
log_info("%s: invalid identity response, length %zu",
__func__, len);
return (NULL);
diff: iked, identity check