Description: Add a "should be zero" field type (ft_zig) to the pluto code
Author: Paul Wouters <paul@nohats.ca>
Origin: upstream git
Last-Update: 2012-06-28

Index: openswan-debian/include/packet.h
===================================================================
--- openswan-debian.orig/include/packet.h	2012-06-29 19:15:41.689617541 +0200
+++ openswan-debian/include/packet.h	2012-06-29 19:16:31.537617499 +0200
@@ -38,7 +38,7 @@
  */
 
 enum field_type {
-    ft_mbz,	/* must be zero */
+    ft_mbz,	/* must be zero, abort */
     ft_nat,	/* natural number (may be 0) */
     ft_len,	/* length of this struct and any following crud */
     ft_lv,	/* length/value field of attribute */
@@ -48,6 +48,7 @@
     ft_af_loose_enum, /* Attribute Format + enumeration, some names known */
     ft_set,	/* bits representing set */
     ft_raw,	/* bytes to be left in network-order */
+    ft_zig,	/* should be zero, ignore if not. Continue */
     ft_end,	/* end of field list */
 };
 
Index: openswan-debian/lib/libpluto/packet.c
===================================================================
--- openswan-debian.orig/lib/libpluto/packet.c	2012-06-29 19:15:41.689617541 +0200
+++ openswan-debian/lib/libpluto/packet.c	2012-06-29 19:16:31.537617499 +0200
@@ -597,10 +597,10 @@
  */
 static field_desc isanat_oa_fields[] = {
     { ft_enum, 8/BITS_PER_BYTE, "next payload type", &payload_names },
-    { ft_mbz, 8/BITS_PER_BYTE, NULL, NULL },
+    { ft_zig, 8/BITS_PER_BYTE, NULL, NULL }, /* Need ft_zig because ipsec-tools bug used in Android ICS */
     { ft_len, 16/BITS_PER_BYTE, "length", NULL },
     { ft_enum, 8/BITS_PER_BYTE, "ID type", &ident_names },
-    { ft_mbz, 24/BITS_PER_BYTE, NULL, NULL },
+    { ft_zig, 24/BITS_PER_BYTE, NULL, NULL }, /* Need ft_zig because ipsec-tools bug used in Android ICS */
     { ft_end, 0, NULL, NULL }
 };
 
@@ -664,7 +664,7 @@
  */
 static field_desc ikev2prop_fields[] = {
     { ft_enum, 8/BITS_PER_BYTE, "next payload type", &payload_names },
-    { ft_mbz,  8/BITS_PER_BYTE, NULL, NULL },
+    { ft_zig,  8/BITS_PER_BYTE, NULL, NULL },
     { ft_len, 16/BITS_PER_BYTE, "length", NULL },
     { ft_nat,  8/BITS_PER_BYTE, "prop #", NULL },
     { ft_nat,  8/BITS_PER_BYTE, "proto ID", NULL },
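Review bot: The `ft_zig` entry in `ikev2prop_fields` carries no comment saying why the reserved byte is no longer enforced, whereas the two `isanat_oa_fields` entries at least name the ipsec-tools interop problem. The same gap is in the IKEv2 hunks that follow (`ikev2trans_fields` and the tables at -757, -800, -883 and -1029). If the intent is the IKEv2 rule that RESERVED fields are sent as zero and ignored on receipt, say so at each entry, e.g. `/* RESERVED: sent as zero, ignored on receipt */`, so a later reader can tell a deliberate protocol relaxation from a copy of the Android workaround. The table continues past the end of this hunk.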
@@ -695,10 +695,10 @@
  */
 static field_desc ikev2trans_fields[] = {
     { ft_enum, 8/BITS_PER_BYTE, "next payload type", &payload_names },
-    { ft_mbz,  8/BITS_PER_BYTE, NULL, NULL },
+    { ft_zig,  8/BITS_PER_BYTE, NULL, NULL },
     { ft_len, 16/BITS_PER_BYTE, "length", NULL },
     { ft_nat,  8/BITS_PER_BYTE, "transform type", &trans_type_names },
-    { ft_mbz,  8/BITS_PER_BYTE, NULL, NULL },
+    { ft_zig,  8/BITS_PER_BYTE, NULL, NULL },
     { ft_nat, 16/BITS_PER_BYTE, "transform ID", NULL },
     { ft_end,  0, NULL, NULL }
 };
@@ -757,7 +757,7 @@
     { ft_set, 8/BITS_PER_BYTE, "critical bit", critical_names},
     { ft_len, 16/BITS_PER_BYTE, "length", NULL },
     { ft_nat, 16/BITS_PER_BYTE, "transform type", &oakley_group_names },
-    { ft_mbz, 16/BITS_PER_BYTE, NULL, NULL },
+    { ft_zig, 16/BITS_PER_BYTE, NULL, NULL },
     { ft_end,  0, NULL, NULL }
 };
 
@@ -800,8 +800,8 @@
     { ft_set, 8/BITS_PER_BYTE, "critical bit", critical_names},
     { ft_len, 16/BITS_PER_BYTE, "length", NULL },
     { ft_enum, 8/BITS_PER_BYTE, "id_type", &ident_names },
-    { ft_mbz,  8/BITS_PER_BYTE, NULL, NULL },
-    { ft_mbz, 16/BITS_PER_BYTE, NULL, NULL },
+    { ft_zig,  8/BITS_PER_BYTE, NULL, NULL },
+    { ft_zig, 16/BITS_PER_BYTE, NULL, NULL },
     { ft_end,  0, NULL, NULL }
 };
 
@@ -883,8 +883,8 @@
     { ft_set, 8/BITS_PER_BYTE, "critical bit", critical_names},
     { ft_len, 16/BITS_PER_BYTE, "length", NULL },
     { ft_enum, 8/BITS_PER_BYTE, "auth method", &ikev2_auth_names },
-    { ft_mbz,  8/BITS_PER_BYTE, NULL, NULL },
-    { ft_mbz, 16/BITS_PER_BYTE, NULL, NULL },
+    { ft_zig,  8/BITS_PER_BYTE, NULL, NULL },
+    { ft_zig, 16/BITS_PER_BYTE, NULL, NULL },
     { ft_end,  0, NULL, NULL }
 };
 
@@ -1029,8 +1029,8 @@
     { ft_set, 8/BITS_PER_BYTE, "critical bit", critical_names},
     { ft_len, 16/BITS_PER_BYTE, "length", NULL },
     { ft_nat,  8/BITS_PER_BYTE, "number of TS", NULL},
-    { ft_mbz,  8/BITS_PER_BYTE, NULL, NULL },
-    { ft_mbz, 16/BITS_PER_BYTE, NULL, NULL },
+    { ft_zig,  8/BITS_PER_BYTE, NULL, NULL },
+    { ft_zig, 16/BITS_PER_BYTE, NULL, NULL },
     { ft_end,  0, NULL, NULL }
 };
 struct_desc ikev2_ts_desc = { "IKEv2 Traffic Selector Payload",
@@ -1184,6 +1184,7 @@
 	switch (fp->field_type)
 	{
 	case ft_mbz:	/* must be zero */
+	case ft_zig:
 	    inp += i;
 	    break;
 	case ft_nat:	/* natural number (may be 0) */
@@ -1351,6 +1352,21 @@
 		    *outp++ = '\0';	/* probably redundant */
 		}
 		break;
+	    case ft_zig:	/* should be zero, ignore if not */
+		for (; i != 0; i--)
+		{
+		    if (*cur++ != 0)
+		    {
+			openswan_log("byte %d of %s should have been zero, but was not"
+			    , (int) (cur - ins->cur), sd->name);
+			/*
+			 * We cannot zeroize it, it would break our hash calculation 
+			 * *cur = '\0';
+			 */
+		    }
+		    *outp++ = '\0';	/* probably redundant */
+		}
+		break;
 
 	    case ft_nat:	/* natural number (may be 0) */
 	    case ft_len:	/* length of this struct and any following crud */
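Review bot: The new `ft_zig` case calls `openswan_log()` once for every non-zero byte, so a peer can produce one log line per reserved byte of every payload it sends; whether the sender is already authenticated when this parser runs is not visible from the hunk. Logging once per field, with the offset of the first offending byte, keeps the diagnostic and bounds the output, and a debug-only or rate-limited path would bound it further. The comment block also holds a commented-out `*cur = '\0';` that reads better as one sentence on why the wire bytes are left alone. The enclosing function and switch start and end outside this hunk.

```c
	    case ft_zig:	/* should be zero, ignore if not */
	    {
		int first_bad = 0;	/* 1-based offset of first non-zero byte, 0 if none */

		for (; i != 0; i--)
		{
		    /* wire bytes are left as received: the hash is computed over them */
		    if (*cur++ != 0 && first_bad == 0)
			first_bad = (int) (cur - ins->cur);
		    *outp++ = '\0';	/* probably redundant */
		}
		if (first_bad != 0)
		    openswan_log("byte %d of %s should have been zero, but was not"
			, first_bad, sd->name);
		break;
	    }
```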
@@ -1565,6 +1581,7 @@
 	    switch (fp->field_type)
 	    {
 	    case ft_mbz:	/* must be zero */
+	    case ft_zig:	/* should be zero, but we'll let it go */
 		inp += i;
 		for (; i != 0; i--)
 		    *cur++ = '\0';
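Review bot: The comment added on `case ft_zig:` ("should be zero, but we'll let it go") describes tolerance on receipt, but the visible lines below it write zero bytes to the output unconditionally, so in this switch `ft_zig` behaves exactly like `ft_mbz`. A comment that matches the code, such as `/* should be zero: always emitted as zero */`, avoids suggesting that a non-zero value could be passed through on the sending side. The case body continues outside the hunk, so anything after the zero-fill loop is not covered by this note.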
