diff options
Diffstat (limited to 'main/openswan/fix-natt.patch')
-rw-r--r-- | main/openswan/fix-natt.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/main/openswan/fix-natt.patch b/main/openswan/fix-natt.patch new file mode 100644 index 0000000000..308bac816e --- /dev/null +++ b/main/openswan/fix-natt.patch @@ -0,0 +1,39 @@ +https://github.com/xelerance/Openswan/commit/b6041cb5d1d07974596be79606a977e88dd9ec48.patch + +From b6041cb5d1d07974596be79606a977e88dd9ec48 Mon Sep 17 00:00:00 2001 +From: Patrick Naubert <patrickn@xelerance.com> +Date: Fri, 28 Feb 2014 19:59:54 -0500 +Subject: [PATCH] Bring back NAT traversal that got mistakenly pulled out by + CVE-2014-2037 patch. Patch by Thomas Geulig + +--- + lib/libopenswan/constants.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/lib/libopenswan/constants.c b/lib/libopenswan/constants.c +index 932b205..09f7e80 100644 +--- a/lib/libopenswan/constants.c ++++ b/lib/libopenswan/constants.c +@@ -167,9 +167,18 @@ const char *const payload_name_ikev2_main[] = { + NULL /* termination for bitnamesof() */ + }; + ++const char *const payload_name_nat_d[] = { ++ "ISAKMP_NEXT_NAT-D", ++ "ISAKMP_NEXT_NAT-OA", ++ NULL ++}; ++ ++static enum_names payload_names_nat_d = ++{ ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL }; ++ + static enum_names payload_names_ikev2_main = + { ISAKMP_NEXT_v2SA, ISAKMP_NEXT_v2EAP, payload_name_ikev2_main, +- NULL }; ++ &payload_names_nat_d }; + + const char *const payload_name_ikev2[] = { + "ISAKMP_NEXT_v2NONE", /* 33 */ +-- +1.9.1 + |