[svn-upgrade] Integrating new upstream version, strongswan (4.2.14)

author: Rene Mayrhofer <rene@mayrhofer.eu.org> 2009-04-01 20:13:30 +0000
committer: Rene Mayrhofer <rene@mayrhofer.eu.org> 2009-04-01 20:13:30 +0000
commit: c3e7f611ea8273c6b3909cb006ade4903a74aad0 (patch)
tree: a5ae5b5059f98c0e5366d61b1b19cd9e70162f9f /src/pluto
parent: 7a229aeb240cc750546f55ad089022f0ca7dc44f (diff)
download: vyos-strongswan-c3e7f611ea8273c6b3909cb006ade4903a74aad0.tar.gz
vyos-strongswan-c3e7f611ea8273c6b3909cb006ade4903a74aad0.zip
4 files changed, 21 insertions, 12 deletions
diff --git a/src/pluto/asn1.c b/src/pluto/asn1.c
index bd27f6a78..529f597fb 100644
--- a/src/pluto/asn1.c
+++ b/src/pluto/asn1.c
@@ -11,7 +11,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * RCSID $Id: asn1.c 4942 2009-03-13 20:22:24Z andreas $
+ * RCSID $Id: asn1.c 5041 2009-03-27 08:58:48Z andreas $
  */
 
 #include <stdlib.h>
@@ -348,6 +348,8 @@ is_printablestring(chunk_t str)
     return TRUE;
 }
 
+#define TIME_MAX	0x7fffffff
+
 /*
  *  Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time
  */
@@ -355,7 +357,7 @@ time_t
 asn1totime(const chunk_t *utctime, asn1_t type)
 {
     struct tm t;
-    time_t tz_offset;
+    time_t tc, tz_offset;
     u_char *eot = NULL;
 
     if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
@@ -381,6 +383,7 @@ asn1totime(const chunk_t *utctime, asn1_t type)
 	return 0; /* error in time format */
     }
 
+    /* parse ASN.1 time string */
     {
 	const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
 						     "%4d%2d%2d%2d%2d";
@@ -419,9 +422,11 @@ asn1totime(const chunk_t *utctime, asn1_t type)
     /* set daylight saving time to off */
     t.tm_isdst = 0;
 
-    /* compensate timezone */
+    /* convert to time_t */
+    tc = mktime(&t);
 
-    return mktime(&t) - timezone - tz_offset;
+    /* if no conversion overflow occurred, compensate timezone */
+    return (tc == -1) ? TIME_MAX : (tc - timezone - tz_offset);
 }
 
 /*
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 52b59be31..9721ac583 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -12,7 +12,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * RCSID $Id: ipsec_doi.c 4924 2009-03-10 21:13:18Z andreas $
+ * RCSID $Id: ipsec_doi.c 5052 2009-03-30 03:47:14Z andreas $
  */
 
 #include <stdio.h>
@@ -5446,9 +5446,9 @@ dpd_inI_outR(struct state *st, struct isakmp_notification *const n, pb_stream *p
    time_t tm = now();
     u_int32_t seqno;
 
-    if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state))
+    if (st == NULL || !IS_ISAKMP_SA_ESTABLISHED(st->st_state))
     {
-        loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISKAMP SA");
+        loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISAKMP SA");
         return STF_IGNORE;
     }
     if (n->isan_spisize != COOKIE_SIZE * 2 || pbs_left(pbs) < COOKIE_SIZE * 2)
@@ -5516,10 +5516,10 @@ dpd_inR(struct state *st, struct isakmp_notification *const n, pb_stream *pbs)
 {
     u_int32_t seqno;
 
-    if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state))
+    if (st == NULL || !IS_ISAKMP_SA_ESTABLISHED(st->st_state))
     {
         loglog(RC_LOG_SERIOUS
-	    , "DPD: Received R_U_THERE_ACK for unestablished ISKAMP SA");
+	    , "DPD: Received R_U_THERE_ACK for unestablished ISAKMP SA");
         return STF_FAIL;
     }
 
diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c
index cf2136b44..f957bf39b 100644
--- a/src/pluto/vendor.c
+++ b/src/pluto/vendor.c
@@ -11,7 +11,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * RCSID $Id: vendor.c 4893 2009-02-21 17:53:10Z andreas $
+ * RCSID $Id: vendor.c 5052 2009-03-30 03:47:14Z andreas $
  */
 
 #include <stdlib.h>
@@ -206,7 +206,8 @@ static struct vid_struct _vid_tab[] = {
 	/*
 	 * strongSwan
 	 */
-	DEC_MD5_VID(STRONGSWAN,       "strongSwan 4.2.13")
+	DEC_MD5_VID(STRONGSWAN,       "strongSwan 4.2.14")
+	DEC_MD5_VID(STRONGSWAN_4_2_13,"strongSwan 4.2.13")
 	DEC_MD5_VID(STRONGSWAN_4_2_12,"strongSwan 4.2.12")
 	DEC_MD5_VID(STRONGSWAN_4_2_11,"strongSwan 4.2.11")
 	DEC_MD5_VID(STRONGSWAN_4_2_10,"strongSwan 4.2.10")
@@ -241,6 +242,7 @@ static struct vid_struct _vid_tab[] = {
 	DEC_MD5_VID(STRONGSWAN_4_0_1, "strongSwan 4.0.1")
 	DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0")
 
+	DEC_MD5_VID(STRONGSWAN_2_8_8, "strongSwan 2.8.9")
 	DEC_MD5_VID(STRONGSWAN_2_8_8, "strongSwan 2.8.8")
 	DEC_MD5_VID(STRONGSWAN_2_8_7, "strongSwan 2.8.7")
 	DEC_MD5_VID(STRONGSWAN_2_8_6, "strongSwan 2.8.6")
diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h
index f049af1ef..2c8c24b34 100644
--- a/src/pluto/vendor.h
+++ b/src/pluto/vendor.h
@@ -11,7 +11,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * RCSID $Id: vendor.h 4893 2009-02-21 17:53:10Z andreas $
+ * RCSID $Id: vendor.h 5052 2009-03-30 03:47:14Z andreas $
  */
 
 #ifndef _VENDOR_H_
@@ -94,6 +94,7 @@ enum known_vendorid {
   VID_STRONGSWAN_2_8_6		= 72,
   VID_STRONGSWAN_2_8_7		= 73,
   VID_STRONGSWAN_2_8_8		= 74,
+  VID_STRONGSWAN_2_8_9		= 75,
 
   VID_STRONGSWAN_4_0_0		= 80,
   VID_STRONGSWAN_4_0_1		= 81,
@@ -129,6 +130,7 @@ enum known_vendorid {
   VID_STRONGSWAN_4_2_10		=110,
   VID_STRONGSWAN_4_2_11		=111,
   VID_STRONGSWAN_4_2_12		=112,
+  VID_STRONGSWAN_4_2_13		=113,
 
   /* 101 - 200 : NAT-Traversal */
   VID_NATT_STENBERG_01		=151,
author	Rene Mayrhofer <rene@mayrhofer.eu.org>	2009-04-01 20:13:30 +0000
committer	Rene Mayrhofer <rene@mayrhofer.eu.org>	2009-04-01 20:13:30 +0000
commit	c3e7f611ea8273c6b3909cb006ade4903a74aad0 (patch)
tree	a5ae5b5059f98c0e5366d61b1b19cd9e70162f9f /src/pluto
parent	7a229aeb240cc750546f55ad089022f0ca7dc44f (diff)
download	vyos-strongswan-c3e7f611ea8273c6b3909cb006ade4903a74aad0.tar.gz vyos-strongswan-c3e7f611ea8273c6b3909cb006ade4903a74aad0.zip