<html><head><meta name="color-scheme" content="light dark"></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;">This is the second version of this patch.

Apply by doing:
	cd /usr/src
	patch -p0 &lt; 027_isakmpd.patch

Then rebuild and install isakmpd:
	cd sbin/isakmpd
	make obj
	make cleandir
	make depend
	make
	make install

Index: sbin/isakmpd/message.c
===================================================================
RCS file: /cvs/src/sbin/isakmpd/message.c,v
retrieving revision 1.45.2.1
diff -u -r1.45.2.1 message.c
--- sbin/isakmpd/message.c	27 Mar 2002 04:24:22 -0000	1.45.2.1
+++ sbin/isakmpd/message.c	5 Jul 2002 13:21:11 -0000
@@ -492,6 +500,14 @@
   struct exchange *exchange = msg-&gt;exchange;
   size_t len = GET_ISAKMP_GEN_LENGTH (p-&gt;p);
 
+  if (!exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_id: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   if (exchange-&gt;doi
       &amp;&amp; exchange-&gt;doi-&gt;validate_id_information (GET_ISAKMP_ID_TYPE (p-&gt;p),
 						 p-&gt;p + ISAKMP_ID_DOI_DATA_OFF,
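Review bot: The same eight-line guard is pasted into seven validators (here and in the hunks at -512, -526, -598, -727, -738 and -782), differing only in the function name inside the log string, so the next validator can easily be added without it. A small static helper that takes `msg` and the caller's name and does the log, the drop and the return value would reduce each site to `if (message_check_exchange (msg, "message_validate_id")) return -1;` (the helper name is only a suggestion) and give one place to add the peer address to the log line. Validators this patch does not touch are outside the page and should be checked for the same `msg->exchange` dereference. The first header, `@@ -492,6 +500,14 @@`, already carries an eight-line offset, the size of one guard, so an earlier hunk may be missing from this copy. message_validate_id starts and ends outside the hunk.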
@@ -512,6 +528,14 @@
   struct exchange *exchange = msg-&gt;exchange;
   size_t len = GET_ISAKMP_GEN_LENGTH (p-&gt;p);
 
+  if (!exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_key_exch: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   if (exchange-&gt;doi
       &amp;&amp; exchange-&gt;doi-&gt;validate_key_information (p-&gt;p + ISAKMP_KE_DATA_OFF,
 						  len - ISAKMP_KE_DATA_OFF))
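Review bot: `len - ISAKMP_KE_DATA_OFF` on the last line is a `size_t` subtraction on a length read from the payload header, and nothing in the hunk checks that `len` is at least `ISAKMP_KE_DATA_OFF`, so a short payload would wrap to a very large length handed to `validate_key_information`. The generic parser may already enforce a minimum payload length, which is not visible here; if it does not, add `if (len < ISAKMP_KE_DATA_OFF)` with the same log-and-drop path next to the new exchange check. message_validate_id in the previous hunk passes `p->p + ISAKMP_ID_DOI_DATA_OFF` and presumably a similar difference on the line cut off after that hunk. This function's start and end are outside the hunk.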
@@ -526,6 +550,14 @@
 static int
 message_validate_nonce (struct message *msg, struct payload *p)
 {
+  if (!msg-&gt;exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_nonce: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   /* Nonces require no specific validation.  */
   return 0;
 }
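Review bot: The call `message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1)` passes three bare literals whose meaning is not visible on this page, and nothing documents who owns `msg` once it returns. If the final argument asks message_drop to release the message (to be confirmed against its prototype), every caller that sees -1 from a validator must not touch `msg` again. That contract deserves a comment at the guard, for example `/* message_drop cleans up msg; the caller must not use it after we return -1.  */`. The same applies to the identical call in the other six hunks.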
@@ -598,6 +630,14 @@
   u_int8_t proto = GET_ISAKMP_PROP_PROTO (p-&gt;p);
   u_int8_t *sa = p-&gt;context-&gt;p;
 
+  if (!msg-&gt;exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_proposal: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   if (proto != ISAKMP_PROTO_ISAKMP
       &amp;&amp; msg-&gt;exchange-&gt;doi-&gt;validate_proto (proto))
     {
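Review bot: The initialiser `u_int8_t *sa = p->context->p;` runs before the new guard, so `p->context` is dereferenced unchecked on the very path meant to handle out-of-sequence payloads; the hunk at -738 does the same with `GET_ISAKMP_PROP_PROTO (p->context->p)`. Whether the parser can hand a proposal or transform payload to its validator with no enclosing parent is not visible here, but if it can, the guard should read `if (!msg->exchange || !p->context)` and the two initialisers should move below it. Both hunks also call through `msg->exchange->doi` without the `exchange->doi &&` test that message_validate_id and message_validate_key_exch keep, so either doi is never NULL and that test is redundant, or these two sites need it as well. The function bodies begin and end outside the hunks.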
@@ -727,6 +767,14 @@
 static int
 message_validate_sig (struct message *msg, struct payload *p)
 {
+  if (!msg-&gt;exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_sig: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   /* XXX Not implemented yet.  */
   return 0;
 }
@@ -738,6 +786,14 @@
   u_int8_t proto = GET_ISAKMP_PROP_PROTO (p-&gt;context-&gt;p);
   u_int8_t *prop = p-&gt;context-&gt;p;
 
+  if (!msg-&gt;exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_transform: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   if (msg-&gt;exchange-&gt;doi
       -&gt;validate_transform_id (proto, GET_ISAKMP_TRANSFORM_ID (p-&gt;p)))
     {
@@ -782,6 +838,14 @@
 static int
 message_validate_vendor (struct message *msg, struct payload *p)
 {
+  if (!msg-&gt;exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_vendor: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   /* Vendor IDs are only allowed in phase 1.  */
   if (msg-&gt;exchange-&gt;phase != 1)
     {
</pre></body></html>