author | Jonathan Gray <jsg@cvs.openbsd.org> | 2024-02-03 00:54:15 +0000 |
---|---|---|
committer | Jonathan Gray <jsg@cvs.openbsd.org> | 2024-02-03 00:54:15 +0000 |
commit | a7dad71f2e0b9ea8cdc7b8c5502184340492b286 (patch) | |
tree | fe67779041caecb09ddcb20335266163cb4ee5d6 /sbin | |
parent | 2907916b1b1626168388ab094cbadae5e0ea03ff (diff) |
fix off-by-one in bounds test
found by "buffer overflow 'peerxfs' 6 <= 6" smatch error
tobhe@ had a remote peer attempt a transform type of 6 and it is caught
by earlier checks before getting here.
ok tobhe@
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/iked/policy.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c
index 1e39beac2ff..a9e783c82a4 100644
--- a/sbin/iked/policy.c
+++ b/sbin/iked/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.97 2023/11/10 08:03:02 tobhe Exp $ */
+/* $OpenBSD: policy.c,v 1.98 2024/02/03 00:54:14 jsg Exp $ */
 /*
 * Copyright (c) 2020-2021 Tobias Heider <tobhe@openbsd.org>
@@ -1091,7 +1091,7 @@ proposals_match(struct iked_proposal *local, struct iked_proposal *peer,
 for (i = 0; i < peer->prop_nxforms; i++) {
 tpeer = peer->prop_xforms + i;
- if (tpeer->xform_type > IKEV2_XFORMTYPE_MAX)
+ if (tpeer->xform_type >= IKEV2_XFORMTYPE_MAX)
 continue;
 if (noauth && tpeer->xform_type == IKEV2_XFORMTYPE_INTEGR)
 return (0); |
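Review bot: The corrected test on `tpeer->xform_type` in the second hunk depends on an invariant that is not written down at the check. Going by the commit message, the value indexes `peerxfs`, which apparently has `IKEV2_XFORMTYPE_MAX` entries (smatch reported `6 <= 6`); the array is declared outside this hunk. Because the type comes from the remote peer's proposal, a comment above the test would keep a later edit from reintroducing `>`, for example `/* xform_type is peer-supplied and indexes peerxfs[]; valid indices are 0..IKEV2_XFORMTYPE_MAX-1 */`. It is also worth confirming that every other comparison against `IKEV2_XFORMTYPE_MAX` in policy.c uses `>=`, since none is visible here. The body of proposals_match starts and ends outside the hunk.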