From 0cad656418ad906f58ce4cf2c29c81b8365b8b08 Mon Sep 17 00:00:00 2001
From: tobhe <tobhe@openbsd.org>
Date: Fri, 19 Feb 2021 21:52:53 +0000
Subject: [PATCH] Fail on duplicate nonce payload.

ok patrick@
---
 sbin/iked/ikev2_pld.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index ad407f7293d..026d245b172 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2_pld.c,v 1.116 2021/02/18 21:39:36 tobhe Exp $	*/
+/*	$OpenBSD: ikev2_pld.c,v 1.117 2021/02/19 21:52:53 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -988,7 +988,10 @@ ikev2_pld_nonce(struct iked *env, struct ikev2_payload *pld,
 	print_hex(buf, 0, len);
 
 	if (ikev2_msg_frompeer(msg)) {
-		ibuf_release(msg->msg_nonce);
+		if (ibuf_length(msg->msg_parent->msg_nonce)) {
+			log_info("%s: duplicate NONCE payload", __func__);
+			return (-1);
+		}
 		if ((msg->msg_nonce = ibuf_new(buf, len)) == NULL) {
 			log_debug("%s: failed to get peer nonce", __func__);
 			return (-1);
-- 
2.20.1