author | Tobias Heider <tobhe@cvs.openbsd.org> | 2023-09-02 18:36:31 +0000 |
---|---|---|
committer | Tobias Heider <tobhe@cvs.openbsd.org> | 2023-09-02 18:36:31 +0000 |
commit | c98b4d41329e84cad093f4ef0270262da8646f8d (patch) | |
tree | 7e63d3676156f4506a3794cb0d7bed4d4f72693d /sbin | |
parent | 5c0beaf7bfcb898b32558a4acedfffa6ccdb3bb5 (diff) |
Make sure cert_type is not 0 to prevent leak of certid->id_buf.
Found by David Linder
ok patrick@
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/iked/ikev2_pld.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index eb5400a9c14..f207fbfc348 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_pld.c,v 1.132 2023/08/04 19:06:25 claudio Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.133 2023/09/02 18:36:30 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -796,6 +796,10 @@ ikev2_validate_cert(struct iked_message *msg, size_t offset, size_t left,
 return (-1);
 }
 memcpy(cert, msgbuf + offset, sizeof(*cert));
+ if (cert->cert_type == IKEV2_CERT_NONE) {
+ log_debug("%s: malformed payload: invalid cert type", __func__);
+ return (-1);
+ }
 return (0);
 } |
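Review bot: The new `cert->cert_type == IKEV2_CERT_NONE` check in ikev2_validate_cert carries no comment saying why type 0 is singled out, and the reason cannot be read from the validator itself: per the commit message it exists to stop a leak of `certid->id_buf`, which is handled by code outside this hunk. I would add `/* Reject type 0: accepting it leaks certid->id_buf later on. */` above the `if` so the guard is not removed as redundant in a later cleanup. Because the header is copied straight from `msgbuf`, the value is presumably peer-supplied, so it is also worth confirming that every path that fills `certid->id_buf` goes through this validator, or frees a previously set buffer before overwriting it. The function body starts outside the hunk, so the earlier length checks are not visible here.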