From 9c99ac36faeb4813970fb96a9e19e01214d5b3bb Mon Sep 17 00:00:00 2001
From: tobhe
Date: Sun, 6 Nov 2022 11:11:47 +0000
Subject: [PATCH] Fix out-of-order string operations resulting in a wrongly calculated string size that could lead to a buffer overflow in ikev2_print_id(). Found by and fix from dropk1ck on github (issue #90) ok patrick@ mbuhl@
---
 sbin/iked/ikev2.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index ab213a89097..43de6925581 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.355 2022/10/24 15:52:39 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.356 2022/11/06 11:11:47 tobhe Exp $ */
 /*
  * Copyright (c) 2019 Tobias Heider
@@ -6921,8 +6921,8 @@ ikev2_print_id(struct iked_id *id, char *idstr, size_t idstrlen)
 strlcat(idstr, "/", idstrlen) >= idstrlen)
 return (-1);
- idstr += strlen(idstr);
 idstrlen -= strlen(idstr);
+ idstr += strlen(idstr);
 switch (id->id_type) {
 case IKEV2_ID_IPV4:
--
2.20.1
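Review bot: In the second hunk of ikev2_print_id(), the corrected pair `idstrlen -= strlen(idstr);` / `idstr += strlen(idstr);` is still correct only because of statement order, which is the property that broke before. Taking the length once removes that dependency: `size_t len = strlen(idstr);` followed by `idstr += len;` and `idstrlen -= len;` (with the declaration placed wherever the file's style puts locals). The subtraction cannot underflow at this point because the preceding `strlcat(idstr, "/", idstrlen) >= idstrlen` check returns -1 on truncation, and a one-line comment saying so would help the next reader. The function body starts and ends outside the hunk, so whether every branch of the `switch` bounds its writes by the reduced `idstrlen` cannot be confirmed from this patch.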