From: tobhe <tobhe@openbsd.org>
Date: Sat, 2 Sep 2023 18:36:30 +0000 (+0000)
Subject: Make sure cert_type is not 0 to prevent leak of certid->id_buf.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=705c0eb9fc946a90eca4826e53d0efa2d1bca893;p=openbsd

Make sure cert_type is not 0 to prevent leak of certid->id_buf.

Found by David Linder
ok patrick@
---

diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index eb5400a9c14..f207fbfc348 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2_pld.c,v 1.132 2023/08/04 19:06:25 claudio Exp $	*/
+/*	$OpenBSD: ikev2_pld.c,v 1.133 2023/09/02 18:36:30 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -796,6 +796,10 @@ ikev2_validate_cert(struct iked_message *msg, size_t offset, size_t left,
 		return (-1);
 	}
 	memcpy(cert, msgbuf + offset, sizeof(*cert));
+	if (cert->cert_type == IKEV2_CERT_NONE) {
+		log_debug("%s: malformed payload: invalid cert type", __func__);
+		return (-1);
+	}
 
 	return (0);
 }