From c5ffeef8644bb7246e2ea9a9f35b94f0775ba828 Mon Sep 17 00:00:00 2001
From: Jonathan Gray
Date: Sun, 12 Oct 2014 15:57:01 +0000
Subject: DH_compute_key() returns -1 on error but this was not handled by testing the result with a negation. Ralf Horstmann discovered iked would segfault when connecting from Strongswan on Android because of this and supplied the patch to fix the problem. ok reyk@
---
 sbin/iked/dh.c | 4 ++--
 sbin/isakmpd/dh.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/sbin/iked/dh.c b/sbin/iked/dh.c
index 7a26712a2bb..8fe965dfa46 100644
--- a/sbin/iked/dh.c
+++ b/sbin/iked/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.14 2014/08/27 10:28:57 reyk Exp $ */
+/* $OpenBSD: dh.c,v 1.15 2014/10/12 15:57:00 jsg Exp $ */
 /*
 * Copyright (c) 2010-2014 Reyk Floeter
@@ -472,7 +472,7 @@ modp_create_shared(struct group *group, u_int8_t *secret, u_int8_t *exchange)
 ret = DH_compute_key(secret, ex, group->dh);
 BN_clear_free(ex);
- if (!ret)
+ if (ret <= 0)
 return (-1);
 /* add zero padding */
diff --git a/sbin/isakmpd/dh.c b/sbin/isakmpd/dh.c
index bf94d0e2854..d15856b7210 100644
--- a/sbin/isakmpd/dh.c
+++ b/sbin/isakmpd/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.17 2014/08/25 14:42:23 reyk Exp $ */
+/* $OpenBSD: dh.c,v 1.18 2014/10/12 15:57:00 jsg Exp $ */
 /*
 * Copyright (c) 2010-2014 Reyk Floeter
@@ -439,7 +439,7 @@ modp_create_shared(struct group *group, u_int8_t *secret, u_int8_t *exchange)
 ret = DH_compute_key(secret, ex, group->dh);
 BN_clear_free(ex);
- if (!ret)
+ if (ret <= 0)
 return (-1);
 /* add zero padding */
-- cgit v1.2.3
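Review bot: The new `if (ret <= 0)` check in modp_create_shared() (sbin/iked/dh.c, second hunk) carries no comment recording the return contract it depends on, so a later cleanup could turn it back into `!ret`. The commit message says the old form let a peer's connection crash iked, so I would add `/* DH_compute_key() returns the secret length, or -1 on error */` directly above the check. The padding code that consumes `ret` is outside the hunk; presumably a negative `ret` reached it as a length, so it is worth confirming that it also rejects a `ret` larger than the group length before moving bytes in `secret`. The identical hunk in sbin/isakmpd/dh.c should get the same comment; the function body starts and ends outside both hunks.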