diff options
| author |   tobhe <tobhe@openbsd.org> | 2020-10-24 20:27:59 +0000 |
|---|---|---|
| committer | tobhe <tobhe@openbsd.org> | 2020-10-24 20:27:59 +0000 |
| commit | 046db3fba68d27f275f925e825f0ca587a4d6cf4 (patch) | |
| tree | 3f52c2ee4cb40644e7f99996311259bf1fcfacec | |
| parent | double word blunder; from sean davies (diff) | |
| download | wireguard-openbsd-046db3fba68d27f275f925e825f0ca587a4d6cf4.tar.xz wireguard-openbsd-046db3fba68d27f275f925e825f0ca587a4d6cf4.zip | |
Don't modify sa in ikev2_pld_cp. Store cp_type in msg until message has
passed all checks.
ok patrick@
| -rw-r--r-- | sbin/iked/iked.h | 3 | ||||
| -rw-r--r-- | sbin/iked/ikev2.c | 5 | ||||
| -rw-r--r-- | sbin/iked/ikev2_pld.c | 6 |
3 files changed, 8 insertions, 6 deletions
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h index 3dba84d8096..54583d4180d 100644 --- a/sbin/iked/iked.h +++ b/sbin/iked/iked.h @@ -1,4 +1,4 @@ -/* $OpenBSD: iked.h,v 1.168 2020/10/19 17:02:57 tobhe Exp $ */ +/* $OpenBSD: iked.h,v 1.169 2020/10/24 20:27:59 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -602,6 +602,7 @@ struct iked_message { size_t msg_del_cnt; struct ibuf *msg_del_buf; int msg_del_protoid; + int msg_cp; /* MOBIKE */ int msg_update_sa_addresses; diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index bee7b37fa61..b21479927b1 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.269 2020/10/22 17:11:27 tobhe Exp $ */ +/* $OpenBSD: ikev2.c,v 1.270 2020/10/24 20:27:59 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -921,6 +921,9 @@ ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa, bzero(&msg->msg_auth, sizeof(msg->msg_auth)); } + if (msg->msg_cp) + sa->sa_cp = msg->msg_cp; + /* For EAP and PSK AUTH can be verified without the CA process*/ if ((sa->sa_policy->pol_auth.auth_eap && sa->sa_eapmsk != NULL) || diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c index d9250a99dc0..e121140c7fa 100644 --- a/sbin/iked/ikev2_pld.c +++ b/sbin/iked/ikev2_pld.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2_pld.c,v 1.106 2020/10/22 17:11:27 tobhe Exp $ */ +/* $OpenBSD: ikev2_pld.c,v 1.107 2020/10/24 20:27:59 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -1807,7 +1807,6 @@ ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld, struct ikev2_cfg *cfg; uint8_t *ptr; size_t len; - struct iked_sa *sa = msg->msg_sa; if (ikev2_validate_cp(msg, offset, left, &cp)) return (-1); @@ -1849,8 +1848,7 @@ ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld, if (!ikev2_msg_frompeer(msg)) return (0); - if (sa) - sa->sa_cp = cp.cp_type; + msg->msg_parent->msg_cp = cp.cp_type; return (0); } |