diff options
| author | Tobias Heider <tobhe@cvs.openbsd.org> | 2022-10-24 15:52:40 +0000 |
|---|---|---|
| committer | Tobias Heider <tobhe@cvs.openbsd.org> | 2022-10-24 15:52:40 +0000 |
| commit | 3e122a9f34c1b6fbe019bd514c71866473185f33 (patch) | |
| tree | 51e0b6030b26e0df4d4994866f9660a22c7f288e /sbin | |
| parent | 492d6afd13b0c019785cb2b706d636ece0d4765e (diff) | |
Fix DH group lookup when checking if PFS is required. Compare ID
directly instead of calling group_get() and leaking the result.
ok markus@
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/iked/ikev2.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index 9c13905d1c0..ab213a89097 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.354 2022/10/10 11:33:55 tobhe Exp $ */ +/* $OpenBSD: ikev2.c,v 1.355 2022/10/24 15:52:39 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -4156,7 +4156,7 @@ ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, len = ibuf_size(nonce); if ((xform = config_findtransform(&pol->pol_proposals, IKEV2_XFORMTYPE_DH, - protoid)) && group_get(xform->xform_id) != IKEV2_XFORMDH_NONE) { + protoid)) && xform->xform_id != IKEV2_XFORMDH_NONE) { log_debug("%s: enable PFS", __func__); ikev2_sa_cleanup_dh(sa); if (proposed_group) { |