-rw-r--r-- | sbin/isakmpd/exchange.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c index 1c4ef1f18a0..d5b2f5333e3 100644 --- a/sbin/isakmpd/exchange.c +++ b/sbin/isakmpd/exchange.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exchange.c,v 1.104 2004/09/17 13:53:08 ho Exp $ */ +/* $OpenBSD: exchange.c,v 1.105 2004/12/06 12:28:21 ho Exp $ */ /* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */ /* @@ -1534,6 +1534,18 @@ exchange_nonce(struct exchange *exchange, int peer, size_t nonce_sz, int initiator = exchange->initiator ^ peer; char header[32]; + if (nonce_sz < 8 || nonce_sz > 256) { + /* + * RFC2409, ch 5: The length of nonce payload MUST be + * between 8 and 256 bytes inclusive. + * XXX I'm assuming the generic payload header is not included. + */ + LOG_DBG((LOG_EXCHANGE, 20, + "exchange_nonce: invalid nonce length %lu", + (unsigned long)nonce_sz)); + return -1; + } + nonce = initiator ? &exchange->nonce_i : &exchange->nonce_r; nonce_len = initiator ? &exchange->nonce_i_len : &exchange->nonce_r_len; |
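Review bot: The new bounds check in exchange_nonce rests on the unresolved `XXX` assumption that `nonce_sz` excludes the generic payload header; if any caller passes the full payload length, the lower bound would accept a nonce body shorter than the 8 bytes RFC 2409 requires. The callers are outside this hunk, so this should be confirmed there and the `XXX` line replaced with a definite statement such as `/* nonce_sz is the nonce data length, without the generic payload header. */`. The rejection is also reported only through `LOG_DBG` at level 20, so a peer sending out-of-range nonces is presumably invisible in normal operation; consider `log_print("exchange_nonce: invalid nonce length %lu", (unsigned long)nonce_sz);` so the protocol violation reaches the regular log. Named constants for 8 and 256 would keep the limits consistent if the check is needed elsewhere. The function body starts before and continues after the hunk.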