--- ipsec-tools-0.6.7/src/racoon/ipsec_doi.c.pre6	2008-08-27 21:35:52 +1100
+++ ipsec-tools-0.6.7/src/racoon/ipsec_doi.c	2008-08-27 21:35:52 +1100
@@ -2704,7 +2704,7 @@ setph1attr(sa, buf)
 		attrlen += sizeof(struct isakmp_data)
 			+ sizeof(struct isakmp_data);
 		if (sa->lifetime > 0xffff)
-                        attrlen += sizeof(u_int32_t);
+			attrlen += sizeof(lifetime);
 		if (buf) {
 			p = isakmp_set_attr_l(p, OAKLEY_ATTR_SA_LD_TYPE,
 						OAKLEY_ATTR_SA_LD_TYPE_SEC);
--- ipsec-tools-0.6.7/src/racoon/isakmp.c.pre6	2008-08-27 21:35:52 +1100
+++ ipsec-tools-0.6.7/src/racoon/isakmp.c	2008-08-27 21:35:52 +1100
@@ -247,18 +247,6 @@ isakmp_handler(so_isakmp)
 		if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
 			    0, (struct sockaddr *)&remote, &remote_len)) < 0) {
 			plog(LLV_ERROR, LOCATION, NULL,
-				"failed to receive isakmp packet\n");
-		}
-		goto end;
-	}
-
-	/* reject it if the size is tooooo big. */
-	if (ntohl(isakmp.len) > 0xffff) {
-		plog(LLV_ERROR, LOCATION, NULL,
-			"the length of the isakmp header is too big.\n");
-		if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
-			    0, (struct sockaddr *)&remote, &remote_len)) < 0) {
-			plog(LLV_ERROR, LOCATION, NULL,
 				"failed to receive isakmp packet: %s\n",
 				strerror (errno));
 		}