From 71a43ff20f2440877f05508f529a1cd09c0e5476 Mon Sep 17 00:00:00 2001
From: tobhe
Date: Tue, 16 Feb 2021 21:07:43 +0000
Subject: [PATCH] Fail on duplicate KE payload.

ok patrick@
---
 sbin/iked/ikev2_pld.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index f91b4cefa2c..d8551e1f8db 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_pld.c,v 1.114 2020/11/25 22:17:14 tobhe Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.115 2021/02/16 21:07:43 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -684,6 +684,10 @@ ikev2_pld_ke(struct iked *env, struct ikev2_payload *pld,
 print_hex(buf, 0, len);
 if (ikev2_msg_frompeer(msg)) {
+ if (ibuf_length(msg->msg_parent->msg_ke)) {
+ log_info("%s: duplicate KE payload", __func__);
+ return (-1);
+ }
 ibuf_release(msg->msg_parent->msg_ke);
 if ((msg->msg_parent->msg_ke = ibuf_new(buf, len)) == NULL) {
 log_debug("%s: failed to get exchange", __func__);
-- 
2.20.1
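Review bot: The duplicate check added in `ikev2_pld_ke` keys on `ibuf_length(msg->msg_parent->msg_ke)` being non-zero, so it only fires if the first KE payload stored a non-empty buffer; whether empty KE data is rejected earlier is not visible, because the function body starts and ends outside the hunk. If that earlier length validation exists, a one-line comment would make the dependency explicit, e.g. `/* len > 0 was validated above, so a non-empty msg_ke means a KE was already parsed */`; if it does not, testing the pointer itself (`msg->msg_parent->msg_ke != NULL`) would be the stricter guard. The retained `ibuf_release()` now presumably only ever sees a NULL or empty buffer, which is worth a short comment as well. The new message is emitted with `log_info` while the neighbouring failure uses `log_debug`; since this path is driven by peer-supplied payloads, confirm the higher level is intended so that a remote peer cannot inflate the log at will.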