From: Guy Harris <guy@alum.mit.edu>
Date: Mon, 18 Dec 2017 07:45:14 +0000 (-0800)
Subject: Fix decryption code path.
X-Git-Tag: tcpdump-4.99-bp~1599
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/5fc11e8d2fa0fc3217b7705866db11a88aee97fa

Fix decryption code path.

Thanks for making this hard to test on macOS, Apple.  You *could*
continue to ship the headers for libcrypto even if you want to get
everybody to use your Shiny New SSL code rather than Boring Old OpenSSL
- just don't ship the headers for the SSL library - but nooooooo.
---

diff --git a/print-isakmp.c b/print-isakmp.c
index 1f9e2c64..3a5f89ff 100644
--- a/print-isakmp.c
+++ b/print-isakmp.c
@@ -2645,6 +2645,7 @@ ikev2_e_print(netdissect_options *ndo,
 {
 	const u_char *dat;
 	volatile u_int dlen;
+	uint8_t np;
 
 	ND_TCHECK(*ext);
 	ikev2_pay_print(ndo, NPSTR(tpay), EXTRACT_U_1(ext->critical));
@@ -2662,6 +2663,8 @@ ikev2_e_print(netdissect_options *ndo,
 	ND_TCHECK_LEN(dat, dlen);
 
 #ifdef HAVE_LIBCRYPTO
+	np = EXTRACT_U_1(ext->np);
+
 	/* try to decypt it! */
 	if(esp_print_decrypt_buffer_by_ikev2(ndo,
 					     EXTRACT_U_1(base->flags) & ISAKMP_FLAG_I,
@@ -2671,7 +2674,7 @@ ikev2_e_print(netdissect_options *ndo,
 		ext = (const struct isakmp_gen *)ndo->ndo_packetp;
 
 		/* got it decrypted, print stuff inside. */
-		ikev2_sub_print(ndo, base, EXTRACT_U_1(ext->np), ext,
+		ikev2_sub_print(ndo, base, np, ext,
 				ndo->ndo_snapend, phase, doi, proto, depth+1);
 	}
 #endif