From 84e14747b93917bcd428efb52720e81cda785038 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 31 Mar 2023 20:16:55 +0000 Subject: [PATCH] Add missing NULL check after group_get() Otherwise dh_getlen() will dereference ie->group and crash. looks correct to hshoexer --- sbin/isakmpd/ike_quick_mode.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c index 286f5c7de57..354ccc5fd6b 100644 --- a/sbin/isakmpd/ike_quick_mode.c +++ b/sbin/isakmpd/ike_quick_mode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_quick_mode.c,v 1.114 2018/01/15 09:54:48 mpi Exp $ */ +/* $OpenBSD: ike_quick_mode.c,v 1.115 2023/03/31 20:16:55 tb Exp $ */ /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */ /* @@ -893,6 +893,8 @@ initiator_send_HASH_SA_NONCE(struct message *msg) /* Generate optional KEY_EXCH payload. */ if (group_desc > 0) { ie->group = group_get(group_desc); + if (!ie->group) + return -1; ie->g_x_len = dh_getlen(ie->group); if (ipsec_gen_g_x(msg)) { -- 2.20.1