New commits:
commit 12204881493d2095e4414b60daf8d0ef3701d4c3
Author: Paul Wouters <[email protected]>
Date: Sun Jan 17 13:21:52 2016 -0500
updated changes
commit 4f109dd7c0e36f3d87a8b57273586e29f386ccc6
Author: Paul Wouters <[email protected]>
Date: Sun Jan 17 13:19:25 2016 -0500
IKEv2: Ignore IKE_INIT replies with DOS COOKIE > 64 bytes
The RFC does state the limit (albeit a bit hidden) and we did not
enforce it. The SLOTH attack uses it (although the attack in itself
cannot work for other reasons, such as randomized SPIs)
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
