New commits:
commit 9c7581c0b6295448dbbaa6e9609eb5beebd92668
Author: Andrew Cagney <[email protected]>
Date: Fri Nov 8 13:25:20 2024 -0500
ikev1: in ikev1_natd_init() s/struct state/struct ike_sa/
Also replace:
if (md->md_v1_st->st_oakley.ta_prf == NULL)
llog(bad)
with the stronger:
if (PBAD(ike->sa.st_oakley.ta_prf == NULL))
llog(worse)
- If the IKE has no PRF then there's no negotiated
crypto and the entire NAT payload can't be trusted
(and this function should not be called at all)
- don't assume md->md_v1_st is pointing at this IKE SA
_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]
