restrict replay window size to 32

author: deraadt <deraadt@openbsd.org> 1999-03-05 00:58:35 +0000
committer: deraadt <deraadt@openbsd.org> 1999-03-05 00:58:35 +0000
commit: 9cc1c57640dd6847177da17d89ee6f7ba334a560 (patch)
tree: 0a416c1074c55b32ecd3bc2947b18c4021e0667f
parent: update allocation statistics (diff)
download: wireguard-openbsd-9cc1c57640dd6847177da17d89ee6f7ba334a560.tar.xz
wireguard-openbsd-9cc1c57640dd6847177da17d89ee6f7ba334a560.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 8df43d6a17d..7c56c9823f5 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -285,6 +285,9 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
 
 	  if (sadb_sa->sadb_sa_auth > SADB_AALG_MAX)
 	    return EINVAL;
+
+	  if (sadb_sa->sadb_sa_replay > 32)
+	    return EINVAL;
 	}
 	break;
       case SADB_EXT_X_PROTOCOL:
author	deraadt <deraadt@openbsd.org>	1999-03-05 00:58:35 +0000
committer	deraadt <deraadt@openbsd.org>	1999-03-05 00:58:35 +0000
commit	9cc1c57640dd6847177da17d89ee6f7ba334a560 (patch)
tree	0a416c1074c55b32ecd3bc2947b18c4021e0667f
parent	update allocation statistics (diff)
download	wireguard-openbsd-9cc1c57640dd6847177da17d89ee6f7ba334a560.tar.xz wireguard-openbsd-9cc1c57640dd6847177da17d89ee6f7ba334a560.zip