From c98b4d41329e84cad093f4ef0270262da8646f8d Mon Sep 17 00:00:00 2001 From: Tobias Heider Date: Sat, 2 Sep 2023 18:36:31 +0000 Subject: Make sure cert_type is not 0 to prevent leak of certid->id_buf. Found by David Linder ok patrick@ --- sbin/iked/ikev2_pld.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'sbin') diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c index eb5400a9c14..f207fbfc348 100644 --- a/sbin/iked/ikev2_pld.c +++ b/sbin/iked/ikev2_pld.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2_pld.c,v 1.132 2023/08/04 19:06:25 claudio Exp $ */ +/* $OpenBSD: ikev2_pld.c,v 1.133 2023/09/02 18:36:30 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -796,6 +796,10 @@ ikev2_validate_cert(struct iked_message *msg, size_t offset, size_t left, return (-1); } memcpy(cert, msgbuf + offset, sizeof(*cert)); + if (cert->cert_type == IKEV2_CERT_NONE) { + log_debug("%s: malformed payload: invalid cert type", __func__); + return (-1); + } return (0); } -- cgit v1.2.3