[PATCH] relax requirements for Juniper hostname packet response

Daniel Lenski dlenski at gmail.com
Mon Jun 12 11:02:13 PDT 2017


This fixes the "Unexpected response of size 3 after hostname packet" error which I get intermittently when connecting to an old Juniper NC server:

    $ openconnect --prot=nc -vvvv
    ...
    NCP-Version: 2
    ...
    > 0000: 18 00 00 04 00 00 00 0c 00 64 65 61 64 62 65 65
    > 0010: 66 2d 31 32 33 bb 01 00 00 00 00
    Read 3 bytes of SSL record
    < 0000: d2 01 00
    Read 467 bytes of SSL record

Here's what I think is going on: I believe this server is concatenating the
3-byte response packet together with the longer IP-configuration packet that
follows (0x1d2 == 466, which suggests that it's encoding the size of the
following packet).

As far as I can tell, openconnect can simply ignore the first two bytes of
the hostname response packet, and everything else proceeds normally.

Signed-off-by: Daniel Lenski <dlenski at gmail.com>
---
 oncp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/oncp.c b/oncp.c
index f7d3d68..b57539c 100644
--- a/oncp.c
+++ b/oncp.c
@@ -665,8 +665,9 @@ int oncp_connect(struct openconnect_info *vpninfo)
 		goto out;
 	vpn_progress(vpninfo, PRG_TRACE,
 		     _("Read %d bytes of SSL record\n"), ret);
+	dump_buf_hex(vpninfo, PRG_TRACE, '<', (void *)bytes, ret);
 
-	if (ret != 3 || bytes[0] != 1 || bytes[1] != 0) {
+	if (ret != 3) {
 		vpn_progress(vpninfo, PRG_ERR,
 			     _("Unexpected response of size %d after hostname packet\n"),
 			     ret);
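Review bot: the relaxed test `if (ret != 3)` now accepts any three-byte record, so nothing in the visible code distinguishes the old `01 00` reply from the `d2 01` variant or from an arbitrary value. The commit message reads the first two bytes as the little-endian size of the following record (0x1d2 == 466), but the trace shows the next read as 467 bytes, so that interpretation is not yet confirmed. I would add a short comment above the check explaining why bytes[0] and bytes[1] are ignored, and emit a vpn_progress message at a debug level when they differ from the previously expected `01 00`, so the deviation stays visible in logs instead of being dropped silently. If the two bytes do turn out to be a length, comparing them against the size of the next record would be a stronger check than discarding them.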
-- 
2.7.4



