diff options
| author |   tobhe <tobhe@openbsd.org> | 2021-02-19 21:52:53 +0000 |
|---|---|---|
| committer | tobhe <tobhe@openbsd.org> | 2021-02-19 21:52:53 +0000 |
| commit | 0cad656418ad906f58ce4cf2c29c81b8365b8b08 (patch) | |
| tree | e3a4588c4e66f712c6bd942f3ff90b20961bb2d8 | |
| parent | Add 't' to options in man page. ok jmc@ kn@ (diff) | |
| download | wireguard-openbsd-0cad656418ad906f58ce4cf2c29c81b8365b8b08.tar.xz wireguard-openbsd-0cad656418ad906f58ce4cf2c29c81b8365b8b08.zip | |
Fail on duplicate nonce payload.
ok patrick@
| -rw-r--r-- | sbin/iked/ikev2_pld.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c index ad407f7293d..026d245b172 100644 --- a/sbin/iked/ikev2_pld.c +++ b/sbin/iked/ikev2_pld.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2_pld.c,v 1.116 2021/02/18 21:39:36 tobhe Exp $ */ +/* $OpenBSD: ikev2_pld.c,v 1.117 2021/02/19 21:52:53 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -988,7 +988,10 @@ ikev2_pld_nonce(struct iked *env, struct ikev2_payload *pld, print_hex(buf, 0, len); if (ikev2_msg_frompeer(msg)) { - ibuf_release(msg->msg_nonce); + if (ibuf_length(msg->msg_parent->msg_nonce)) { + log_info("%s: duplicate NONCE payload", __func__); + return (-1); + } if ((msg->msg_nonce = ibuf_new(buf, len)) == NULL) { log_debug("%s: failed to get peer nonce", __func__); return (-1); |