authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-05-30 10:49:50 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-05-30 10:49:50 +0000
commitb8c0399111efbae21b835abc6b0072032aaf47c7 (patch)
tree081c9a258320a1874a746f6dc0f9c70a8dca365c /sys/net/pfkeyv2_parsemessage.c
parent27cac2b8baee822d18f3665a298f8b1b3abc63b6 (diff)
Check the LOCAL_AUTH payload.
Diffstat (limited to 'sys/net/pfkeyv2_parsemessage.c')
-rw-r--r--sys/net/pfkeyv2_parsemessage.c21
1 files changed, 18 insertions, 3 deletions
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 0948674f8e9..88085515928 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -60,9 +60,10 @@ you didn't get a copy, you may request one from <license@inner.net>.
#define BITMAP_X_SA2 (1 << SADB_X_EXT_SA2)
#define BITMAP_X_DST2 (1 << SADB_X_EXT_DST2)
#define BITMAP_X_POLICY (1 << SADB_X_EXT_POLICY)
-#define BITMAP_X_LOCAL_CREDENTIALS (1 << SADB_X_EXT_LOCAL_CREDENTIALS)
-#define BITMAP_X_REMOTE_CREDENTIALS (1 << SADB_X_EXT_REMOTE_CREDENTIALS)
-#define BITMAP_X_CREDENTIALS (BITMAP_X_LOCAL_CREDENTIALS | BITMAP_X_REMOTE_CREDENTIALS)
+#define BITMAP_X_LOCAL_CREDENTIALS (1 << SADB_X_EXT_LOCAL_CREDENTIALS)
+#define BITMAP_X_REMOTE_CREDENTIALS (1 << SADB_X_EXT_REMOTE_CREDENTIALS)
+#define BITMAP_X_LOCAL_AUTH (1 << SADB_X_EXT_LOCAL_AUTH)
+#define BITMAP_X_CREDENTIALS (BITMAP_X_LOCAL_CREDENTIALS | BITMAP_X_REMOTE_CREDENTIALS | BITMAP_X_LOCAL_AUTH)
#define BITMAP_X_FLOW (BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW)
uint32_t sadb_exts_allowed_in[SADB_MAX+1] =
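Review bot: Folding `BITMAP_X_LOCAL_AUTH` into `BITMAP_X_CREDENTIALS` admits the local authentication payload in every message type and direction whose table entry uses that aggregate, which may be wider than a payload that presumably carries authentication secrets needs. The tables that consume the aggregate (starting with `sadb_exts_allowed_in` on the last line here) lie outside this hunk, so this needs confirming there. If only a few inbound message types need the payload, leave the aggregate as it was and OR `BITMAP_X_LOCAL_AUTH` into those entries explicitly. Separately, `(1 << SADB_X_EXT_LOCAL_AUTH)` shifts a signed int for use in a `uint32_t` table; `(1U << SADB_X_EXT_LOCAL_AUTH)` avoids undefined behaviour should an extension number ever reach 31.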
@@ -418,6 +419,20 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
return EINVAL;
}
break;
+ case SADB_X_EXT_LOCAL_AUTH:
+ {
+ struct sadb_cred *sadb_cred = (struct sadb_cred *)p;
+
+ if (i < sizeof(struct sadb_cred))
+ return EINVAL;
+
+ if (sadb_cred->sadb_cred_type > SADB_AUTHTYPE_MAX)
+ return EINVAL;
+
+ if (sadb_cred->sadb_cred_reserved)
+ return EINVAL;
+ }
+ break;
case SADB_X_EXT_LOCAL_CREDENTIALS:
case SADB_X_EXT_REMOTE_CREDENTIALS:
{
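Review bot: The new `SADB_X_EXT_LOCAL_AUTH` case validates only the fixed `struct sadb_cred` header, so an extension of exactly `sizeof(struct sadb_cred)` bytes, with no authentication data behind the header, is accepted. A `sadb_cred_type` of 0 is accepted too, because only the upper bound `SADB_AUTHTYPE_MAX` is tested. If the code that later consumes this extension (outside the hunk) assumes a non-empty payload, tighten the length test to `if (i <= sizeof(struct sadb_cred)) return EINVAL;`; if a header-only payload is legitimate, record that with a comment such as `/* header-only LOCAL_AUTH is valid: no auth data supplied */`. `i` is declared outside the hunk; if it is a signed int, the comparison against `sizeof` converts it to unsigned and is sound only while `i` can never be negative. `pfkeyv2_parsemessage` begins and ends outside this hunk.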