Fix decryption code path.

Thanks for making this hard to test on macOS, Apple.  You *could*
continue to ship the headers for libcrypto even if you want to get
everybody to use your Shiny New SSL code rather than Boring Old OpenSSL
- just don't ship the headers for the SSL library - but nooooooo.

diff --git a/print-isakmp.c b/print-isakmp.c
index 1f9e2c64830064bbcdaa731e1cb726d70299ef14..3a5f89fffe170673dd74417b4ed4fc909462c21d 100644 (file)
--- a/print-isakmp.c
+++ b/print-isakmp.c
@@ -2645,6 +2645,7 @@ ikev2_e_print(netdissect_options *ndo,
 {
        const u_char *dat;
        volatile u_int dlen;
+       uint8_t np;
 
        ND_TCHECK(*ext);
        ikev2_pay_print(ndo, NPSTR(tpay), EXTRACT_U_1(ext->critical));
@@ -2662,6 +2663,8 @@ ikev2_e_print(netdissect_options *ndo,
        ND_TCHECK_LEN(dat, dlen);
 
 #ifdef HAVE_LIBCRYPTO
+       np = EXTRACT_U_1(ext->np);
+
        /* try to decypt it! */
        if(esp_print_decrypt_buffer_by_ikev2(ndo,
                                             EXTRACT_U_1(base->flags) & ISAKMP_FLAG_I,
@@ -2671,7 +2674,7 @@ ikev2_e_print(netdissect_options *ndo,
                ext = (const struct isakmp_gen *)ndo->ndo_packetp;
 
                /* got it decrypted, print stuff inside. */
-               ikev2_sub_print(ndo, base, EXTRACT_U_1(ext->np), ext,
+               ikev2_sub_print(ndo, base, np, ext,
                                ndo->ndo_snapend, phase, doi, proto, depth+1);
        }
 #endif