From 9c1d2ff16282603136e0f5a7efa6263a98d51947 Mon Sep 17 00:00:00 2001
From: tobhe
Date: Tue, 29 Jun 2021 15:39:20 +0000
Subject: [PATCH] Send AUTHENTICATION_FAILED in case of unexpected auth method or auth data not being accessible.

From Claudia Priesterjahn @ achelos ok patrick@
---
 sbin/iked/ikev2.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 9e890979110..c941351e9c5 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.324 2021/06/17 13:28:20 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.325 2021/06/29 15:39:20 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -805,6 +805,7 @@ ikev2_auth_verify(struct iked *env, struct iked_sa *sa)
 ikev2_auth_map),
 print_map(ikeauth.auth_method,
 ikev2_auth_map));
+ ikev2_send_auth_failed(env, sa);
 return (-1);
 }
 ikeauth.auth_method = sa->sa_peerauth.id_type;
@@ -813,6 +814,7 @@ ikev2_auth_verify(struct iked *env, struct iked_sa *sa)
 sa->sa_hdr.sh_initiator)) == NULL) {
 log_debug("%s: failed to get auth data",
 __func__);
+ ikev2_send_auth_failed(env, sa);
 return (-1);
 }
--
2.20.1
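Review bot: The status of the added `ikev2_send_auth_failed(env, sa);` call in the auth-method mismatch branch is discarded, and the identical call added in the hunk at -813 has the same shape. Both branches return -1 regardless, so control flow is unaffected, but if the helper can report a failed send (its prototype is not visible in this patch, so confirm), the peer is never told about the rejection and nothing records that. If it does return a status, something like `if (ikev2_send_auth_failed(env, sa) == -1) log_debug("%s: failed to send AUTHENTICATION_FAILED", __func__);` would make that visible; otherwise a short comment that the notify is best-effort would do. The log call that opens this context and the body of ikev2_auth_verify both start outside the hunk.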
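Review bot: The auth-data failure branch in the hunk at -813 still records the event only with `log_debug("%s: failed to get auth data", __func__);`, even though the added line now turns it into a rejection the peer can see. Unless ikev2_send_auth_failed logs the failure itself (not visible in this patch), a daemon that is not running in verbose mode may leave no trace of these rejections, which makes repeated failed IKE_AUTH attempts hard to notice. Consider `log_info("%s: failed to get auth data", SPI_SA(sa, __func__));` so the entry is emitted by default and carries the SA's SPI. The condition that opens this branch begins before the hunk.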