CVSROOT: /cvs
Module name: src
Changes by: to...@cvs.openbsd.org 2022/07/04 02:39:55
Modified files:
sbin/iked : ikev2.c
Log message:
Fix error in the comparison of the Child SA nonces to decide which
SA shall be deleted. ni should be set to the minimum nonce for the
exchange intitiated by us while nr should be the smaller of the
nonces of the simultaneous exchange initiated by the peer, which
is stored in sa_simulat.
This fixes the ni < nr comparison below and makes sure our Child SA
is only deleted in the correct case as specified in RFC 7296.
Reported by and fix from Sibar Soumi <sibar.soumi (at) achelos.de>
ok mbuhl@
