From 705c0eb9fc946a90eca4826e53d0efa2d1bca893 Mon Sep 17 00:00:00 2001
From: tobhe <tobhe@openbsd.org>
Date: Sat, 2 Sep 2023 18:36:30 +0000
Subject: [PATCH] Make sure cert_type is not 0 to prevent leak of
 certid->id_buf.

Found by David Linder
ok patrick@
---
 sbin/iked/ikev2_pld.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index eb5400a9c14..f207fbfc348 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2_pld.c,v 1.132 2023/08/04 19:06:25 claudio Exp $	*/
+/*	$OpenBSD: ikev2_pld.c,v 1.133 2023/09/02 18:36:30 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -796,6 +796,10 @@ ikev2_validate_cert(struct iked_message *msg, size_t offset, size_t left,
 		return (-1);
 	}
 	memcpy(cert, msgbuf + offset, sizeof(*cert));
+	if (cert->cert_type == IKEV2_CERT_NONE) {
+		log_debug("%s: malformed payload: invalid cert type", __func__);
+		return (-1);
+	}
 
 	return (0);
 }
-- 
2.20.1