Module Name: src
Committed By: vanhu
Date: Thu Aug 13 09:18:28 UTC 2009
Modified Files:
src/crypto/dist/ipsec-tools/src/racoon: oakley.c
Log Message:
fixed a potential DoS in oakley_do_decrypt(), reported by Orange Labs
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/dist/ipsec-tools/src/racoon/oakley.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/oakley.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.14 src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.15
--- src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.14 Thu Mar 12 10:57:26 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/oakley.c Thu Aug 13 09:18:28 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: oakley.c,v 1.14 2009/03/12 10:57:26 tteras Exp $ */
+/* $NetBSD: oakley.c,v 1.15 2009/08/13 09:18:28 vanhu Exp $ */
/* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */
@@ -3001,7 +3001,7 @@
/* do decrypt */
new = alg_oakley_encdef_decrypt(iph1->approval->enctype,
buf, iph1->key, ivdp);
- if (new == NULL) {
+ if (new == NULL || new->v == NULL || new->l == 0) {
plog(LLV_ERROR, LOCATION, NULL,
"decryption %d failed.\n", iph1->approval->enctype);
goto end;
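Review bot: The two added conditions, `new->v == NULL` and `new->l == 0`, take the `goto end` path with `new` still pointing at an allocated object, so the cleanup under `end:` (outside this hunk) has to release it on error; if it does not, every rejected packet would leak a buffer, which is worth confirming given that this is a DoS fix. The guard also deserves a comment saying why an empty result is fatal, for example `/* reject empty output: later code presumably reads new->v[new->l - 1] */`, with the wording adjusted to what the code after the hunk really does. The message `"decryption %d failed.\n"` is now shared by three distinct conditions; logging the empty-buffer case separately would make a flood of malformed packets easier to spot in the logs. oakley_do_decrypt() starts and ends outside the hunk.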