diff -urNp openswan-2.6.32-cvs-patched/programs/pluto/ikev2_parent.c openswan-2.6.32-current/programs/pluto/ikev2_parent.c --- openswan-2.6.32-cvs-patched/programs/pluto/ikev2_parent.c 2011-03-02 10:47:39.000000000 -0500 +++ openswan-2.6.32-current/programs/pluto/ikev2_parent.c 2011-05-11 17:44:53.281218745 -0400 @@ -123,7 +123,7 @@ ikev2parent_outI1(int whack_sock st->st_msgid_nextuse = 0; st->st_try = try; - if (HAS_IPSEC_POLICY(policy)) + if (HAS_IPSEC_POLICY(policy)) { #ifdef HAVE_LABELED_IPSEC st->sec_ctx = NULL; if( uctx != NULL) { @@ -137,6 +137,7 @@ ikev2parent_outI1(int whack_sock , st->sec_ctx #endif ); + } if (predecessor == NULL) openswan_log("initiating v2 parent SA"); diff -urNp openswan-2.6.32-cvs-patched/programs/pluto/initiate.c openswan-2.6.32-current/programs/pluto/initiate.c --- openswan-2.6.32-cvs-patched/programs/pluto/initiate.c 2011-03-02 10:47:39.000000000 -0500 +++ openswan-2.6.32-current/programs/pluto/initiate.c 2011-05-11 17:40:11.729493789 -0400 
@@ -775,19 +775,17 @@ initiate_ondemand_body(struct find_oppo_ #ifdef HAVE_LABELED_IPSEC - char sec_ctx_value[256]; + char sec_ctx_value[MAX_SECCTX_LEN]; memset(sec_ctx_value, 0, sizeof(sec_ctx_value)); if(uctx != NULL) { memcpy(sec_ctx_value, uctx->sec_ctx_value, uctx->ctx_len); } - snprintf(demandbuf, 256, "initiate on demand from %s:%d to %s:%d proto=%d state: %s because: %s with security context %s" - , ours, ourport, his, hisport, b->transport_proto - , oppo_step_name[b->step], b->want, sec_ctx_value); -#else + DBG(DBG_CONTROLMORE, DBG_log("received security label string: %s", sec_ctx_value)); +#endif + snprintf(demandbuf, 256, "initiate on demand from %s:%d to %s:%d proto=%d state: %s because: %s" , ours, ourport, his, hisport, b->transport_proto , oppo_step_name[b->step], b->want); -#endif if(DBGP(DBG_OPPOINFO)) { openswan_log("%s", demandbuf); diff -urNp openswan-2.6.32-cvs-patched/programs/pluto/spdb_v1_struct.c openswan-2.6.32-current/programs/pluto/spdb_v1_struct.c --- openswan-2.6.32-cvs-patched/programs/pluto/spdb_v1_struct.c 2011-03-02 10:47:39.000000000 -0500 +++ openswan-2.6.32-current/programs/pluto/spdb_v1_struct.c 2011-05-11 18:18:03.326070297 -0400 
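Review bot: The `memcpy` into `sec_ctx_value` still trusts `uctx->ctx_len`; nothing in this hunk checks it against the resized `MAX_SECCTX_LEN` buffer. A larger length would overrun the stack array, and a label that fills the buffer exactly leaves no terminator for the `%s` in the new `DBG_log`. Unless the length is already validated where `uctx` is populated (not visible here), bound the copy with `if (uctx != NULL && uctx->ctx_len <= sizeof(sec_ctx_value))` and log with a precision: `DBG_log("received security label string: %.*s", (int)sizeof(sec_ctx_value), sec_ctx_value)`. initiate_ondemand_body starts and ends outside the hunk.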
@@ -105,11 +105,22 @@ parse_secctx_attr (pb_stream *pbs, struc return FALSE; } - /* reading security label*/ - memcpy(sec_ctx_value, pbs->cur, pbs_left(pbs) <= MAX_SECCTX_LEN ? pbs_left(pbs) : MAX_SECCTX_LEN); - i = pbs_left(pbs) <= MAX_SECCTX_LEN ? pbs_left(pbs) : MAX_SECCTX_LEN; + /*do not process security labels longer than MAX_SECCTX_LEN*/ + if(pbs_left(pbs) > MAX_SECCTX_LEN) { + DBG(DBG_PARSING, DBG_log("received security ctx longer than MAX_SECCTX_LEN which is not supported")); + return FALSE; + } - /* checking if the received security label contains \0 */ + /* reading security label*/ + //memcpy(sec_ctx_value, pbs->cur, pbs_left(pbs) <= MAX_SECCTX_LEN ? pbs_left(pbs) : MAX_SECCTX_LEN); + //i = pbs_left(pbs) <= MAX_SECCTX_LEN ? pbs_left(pbs) : MAX_SECCTX_LEN; + memcpy(sec_ctx_value, pbs->cur, pbs_left(pbs)); + i = pbs_left(pbs); + + /* checking if the received security label contains \0, + * We expect received label to have '\0', however to be + * compliant with implementations that dont send \0 + * we can include \0 if there is space left in the buffer.*/ if( sec_ctx_value[i-1] != '\0') { /*check if we have space left and then append \0*/ if (i < MAX_SECCTX_LEN) {
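Review bot: An empty attribute still reaches `sec_ctx_value[i-1]`, because the new guard rejects only `pbs_left(pbs) > MAX_SECCTX_LEN`. With zero bytes left, `i` is 0 and the terminator check reads one byte before the buffer, unless a check above the hunk already rejects that case. Extending the guard to `if (pbs_left(pbs) == 0 || pbs_left(pbs) > MAX_SECCTX_LEN)` closes it. The two `//memcpy` and `//i =` lines are dead copies of the removed clamp and are better deleted than kept as comments. The rejection is reported only under `DBG_PARSING`, so an oversized label from a peer leaves no trace in a normal log; parse_secctx_attr continues outside the hunk.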