author | Hakan Olsson <ho@cvs.openbsd.org> | 2002-07-04 22:23:50 +0000 |
---|---|---|
committer | Hakan Olsson <ho@cvs.openbsd.org> | 2002-07-04 22:23:50 +0000 |
commit | ecd1d355a936dee799dcd6128ab4e069937fbe2c (patch) | |
tree | dc6a9351934a87169c75f6592796f3f2df40fcdd /sbin/isakmpd | |
parent | 165ad59573b5750a357c06a3a30a81d7a27ff514 (diff) |
Do not assume we have an active exchange during payload validation.
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/message.c | 66 |
1 files changed, 65 insertions, 1 deletions
diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c index e2bdeeca760..722a5d7deeb 100644 --- a/sbin/isakmpd/message.c +++ b/sbin/isakmpd/message.c @@ -1,4 +1,4 @@ -/* $OpenBSD: message.c,v 1.54 2002/06/09 08:13:06 todd Exp $ */ +/* $OpenBSD: message.c,v 1.55 2002/07/04 22:23:49 ho Exp $ */ /* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */ /* @@ -486,6 +486,14 @@ message_validate_delete (struct message *msg, struct payload *p) static int message_validate_hash (struct message *msg, struct payload *p) { + if (!msg->exchange) + { + /* We should have an exchange at this point. */ + log_print ("message_validate_hash: payload out of sequence"); + message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1); + return -1; + } + /* XXX Not implemented yet. */ return 0; } @@ -497,6 +505,14 @@ message_validate_id (struct message *msg, struct payload *p) struct exchange *exchange = msg->exchange; size_t len = GET_ISAKMP_GEN_LENGTH (p->p); + if (!exchange) + { + /* We should have an exchange at this point. */ + log_print ("message_validate_id: payload out of sequence"); + message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1); + return -1; + } + if (exchange->doi && exchange->doi->validate_id_information (GET_ISAKMP_ID_TYPE (p->p), p->p + ISAKMP_ID_DOI_DATA_OFF, @@ -517,6 +533,14 @@ message_validate_key_exch (struct message *msg, struct payload *p) struct exchange *exchange = msg->exchange; size_t len = GET_ISAKMP_GEN_LENGTH (p->p); + if (!exchange) + { + /* We should have an exchange at this point. */ + log_print ("message_validate_key_exch: payload out of sequence"); + message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1); + return -1; + } + if (exchange->doi && exchange->doi->validate_key_information (p->p + ISAKMP_KE_DATA_OFF, len - ISAKMP_KE_DATA_OFF)) 
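Review bot: The new guard in message_validate_hash calls `message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1)` exactly when `msg->exchange` is NULL, so the drop and notification path must now cope with a message that has no exchange. message_drop is not part of this diff, so it should be confirmed that it, and whatever it calls to send the notification, never reads `msg->exchange` unguarded; otherwise the NULL dereference only moves. The same call is added in the id, key_exch, nonce, proposal, sig, transform and vendor hunks. Because this path looks reachable by a peer that has not yet been authenticated, it is also worth checking that one `log_print` plus one notification per dropped message cannot be used to flood the log or elicit replies.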
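Review bot: `len - ISAKMP_KE_DATA_OFF` in message_validate_key_exch is computed in `size_t`, so a generic length field smaller than ISAKMP_KE_DATA_OFF would wrap to a very large value before it reaches `validate_key_information`; the added exchange check does not cover this. If the payload parser does not already enforce a minimum length (not visible here), add a guard ahead of the call, for example `if (len < ISAKMP_KE_DATA_OFF)` followed by the same drop-and-return used for the missing exchange. The function body continues outside the hunk, and message_validate_id presumably passes its length the same way.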
@@ -531,6 +555,14 @@ message_validate_key_exch (struct message *msg, struct payload *p) static int message_validate_nonce (struct message *msg, struct payload *p) { + if (!msg->exchange) + { + /* We should have an exchange at this point. */ + log_print ("message_validate_nonce: payload out of sequence"); + message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1); + return -1; + } + /* Nonces require no specific validation. */ return 0; } @@ -603,6 +635,14 @@ message_validate_proposal (struct message *msg, struct payload *p) u_int8_t proto = GET_ISAKMP_PROP_PROTO (p->p); u_int8_t *sa = p->context->p; + if (!msg->exchange) + { + /* We should have an exchange at this point. */ + log_print ("message_validate_proposal: payload out of sequence"); + message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1); + return -1; + } + if (proto != ISAKMP_PROTO_ISAKMP && msg->exchange->doi->validate_proto (proto)) { @@ -732,6 +772,14 @@ message_validate_sa (struct message *msg, struct payload *p) static int message_validate_sig (struct message *msg, struct payload *p) { + if (!msg->exchange) + { + /* We should have an exchange at this point. */ + log_print ("message_validate_sig: payload out of sequence"); + message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1); + return -1; + } + /* XXX Not implemented yet. */ return 0; } @@ -743,6 +791,14 @@ message_validate_transform (struct message *msg, struct payload *p) u_int8_t proto = GET_ISAKMP_PROP_PROTO (p->context->p); u_int8_t *prop = p->context->p; + if (!msg->exchange) + { + /* We should have an exchange at this point. */ + log_print ("message_validate_transform: payload out of sequence"); + message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1); + return -1; + } + if (msg->exchange->doi ->validate_transform_id (proto, GET_ISAKMP_TRANSFORM_ID (p->p))) { 
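Review bot: In message_validate_proposal the code after the new guard calls `msg->exchange->doi->validate_proto (proto)` without testing `doi`, while message_validate_id and message_validate_key_exch in this same patch write `exchange->doi && ...`. If an exchange can exist without a DOI, which those two checks suggest, this is the same class of NULL dereference the commit is closing. Either test `msg->exchange->doi` here as well or add a comment stating why it cannot be NULL at this point. message_validate_transform has the same unguarded `msg->exchange->doi ->validate_transform_id (...)` call.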
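Review bot: The initializer `u_int8_t proto = GET_ISAKMP_PROP_PROTO (p->context->p);` in message_validate_transform runs before the new out-of-sequence check, so `p->context` is dereferenced for a payload the function is about to reject as unexpected. Whether the parser guarantees a non-NULL context for every transform payload is not visible in this hunk. If it does not, move the two initializations below the guard and test `p->context` before use. message_validate_proposal has the same ordering with `u_int8_t *sa = p->context->p;`.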
@@ -787,6 +843,14 @@ message_validate_transform (struct message *msg, struct payload *p) static int message_validate_vendor (struct message *msg, struct payload *p) { + if (!msg->exchange) + { + /* We should have an exchange at this point. */ + log_print ("message_validate_vendor: payload out of sequence"); + message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1); + return -1; + } + /* Vendor IDs are only allowed in phase 1. */ if (msg->exchange->phase != 1) { |