From: tobhe <tobhe@openbsd.org>
Date: Sun, 31 Jan 2021 17:23:45 +0000 (+0000)
Subject: Ignore addresses that are not 0/32 (dynamic) in ikev2_cp_fixaddr()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=dc818b8a71418567004667b16a5f9eca06e2b430;p=openbsd

Ignore addresses that are not 0/32 (dynamic) in ikev2_cp_fixaddr()
instead of throwing an error.  Fixes a bug where flows without
'dynamic' were skipped when 'config/request address' is used.

ok patrick@
---

diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 1d7a63d2b9d..e111c7c30c2 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2.c,v 1.299 2021/01/31 17:15:38 tobhe Exp $	*/
+/*	$OpenBSD: ikev2.c,v 1.300 2021/01/31 17:23:45 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -6969,7 +6969,7 @@ ikev2_cp_fixaddr(struct iked_sa *sa, struct iked_addr *addr,
 			return (-1);
 		in4 = (struct sockaddr_in *)&addr->addr;
 		if (in4->sin_addr.s_addr)
-			return (-1);
+			return (-2);
 		memcpy(patched, naddr, sizeof(*patched));
 		patched->addr_net = 0;
 		patched->addr_mask = 32;
@@ -6981,7 +6981,7 @@ ikev2_cp_fixaddr(struct iked_sa *sa, struct iked_addr *addr,
 			return (-1);
 		in6 = (struct sockaddr_in6 *)&addr->addr;
 		if (!IN6_IS_ADDR_UNSPECIFIED(&in6->sin6_addr))
-			return (-1);
+			return (-2);
 		memcpy(patched, naddr, sizeof(*patched));
 		patched->addr_net = 0;
 		patched->addr_mask = 128;