author | 2020-09-30 16:59:09 +0000 | |
---|---|---|
committer | 2020-09-30 16:59:09 +0000 | |
commit | a0dab161f0ab26d67e394a889c9519a38b26d541 (patch) | |
tree | 02d64d16715d3fe2982210b3febec68227362f79 | |
parent | Don't accept ID payloads with ID type IKEV2_ID_NONE. (diff) | |
Don't accept AUTH payloads with invalid auth_method 0.
Fixes duplicate AUTH payload detection.
ok patrick@
-rw-r--r-- | sbin/iked/ikev2_pld.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index 4ddcbe7300b..728727202c0 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_pld.c,v 1.98 2020/09/30 16:55:16 tobhe Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.99 2020/09/30 16:59:09 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -900,6 +900,12 @@ ikev2_validate_auth(struct iked_message *msg, size_t offset, size_t left,
 }
 memcpy(auth, msgbuf + offset, sizeof(*auth));
+ if (auth->auth_method == 0) {
+ log_info("%s: malformed payload: invalid auth method",
+ __func__);
+ return (-1);
+ }
+
 return (0);
 }
|
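Review bot: The added guard in ikev2_validate_auth compares auth_method against a bare `0`, and nothing at that spot records why this one value must be refused. Going by the commit message, the parser presumably treats a stored method of 0 as "no AUTH payload seen yet", so a peer-supplied 0 would slip past the duplicate check; a comment such as `/* 0 is not a valid method and would defeat duplicate-AUTH detection */` would keep a later cleanup from dropping the guard. If ikev2.h provides a named constant for the value (IKEV2_AUTH_NONE, to be confirmed), `if (auth->auth_method == IKEV2_AUTH_NONE) {` would match the IKEV2_ID_NONE wording of the parent commit. Only 0 is rejected here; whether other unassigned method values are refused later cannot be seen, because the function starts above the hunk and the code that consumes the method lies outside it.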