From b528e2efc28e96840ad933398c9d8802737b97a0 Mon Sep 17 00:00:00 2001
From: Hakan Olsson <ho@cvs.openbsd.org>
Date: Mon, 6 Dec 2004 12:28:22 +0000
Subject: RFC2409 mandates min and max nonce lengths. hshoexer@ ok.

---
 sbin/isakmpd/exchange.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'sbin/isakmpd/exchange.c')

diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c
index 1c4ef1f18a0..d5b2f5333e3 100644
--- a/sbin/isakmpd/exchange.c
+++ b/sbin/isakmpd/exchange.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exchange.c,v 1.104 2004/09/17 13:53:08 ho Exp $	 */
+/* $OpenBSD: exchange.c,v 1.105 2004/12/06 12:28:21 ho Exp $	 */
 /* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $	 */
 
 /*
@@ -1534,6 +1534,18 @@ exchange_nonce(struct exchange *exchange, int peer, size_t nonce_sz,
 	int		initiator = exchange->initiator ^ peer;
 	char            header[32];
 
+	if (nonce_sz < 8 || nonce_sz > 256) {
+		/*
+		 * RFC2409, ch 5: The length of nonce payload MUST be 
+		 * between 8 and 256 bytes inclusive.
+		 * XXX I'm assuming the generic payload header is not included.
+		 */
+		LOG_DBG((LOG_EXCHANGE, 20,
+		    "exchange_nonce: invalid nonce length %lu",
+		    (unsigned long)nonce_sz));
+		return -1;
+	}
+
 	nonce = initiator ? &exchange->nonce_i : &exchange->nonce_r;
 	nonce_len =
 	    initiator ? &exchange->nonce_i_len : &exchange->nonce_r_len;
-- 
cgit v1.2.3