Module Name:    src
Committed By:   vanhu
Date:           Thu Aug 13 09:18:45 UTC 2009

Modified Files:
        src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
            oakley.c

Log Message:
fixed a potential DoS in oakley_do_decrypt(), reported by Orange Labs


To generate a diff of this commit:
cvs rdiff -u -r1.9.6.3 -r1.9.6.4 \
    src/crypto/dist/ipsec-tools/src/racoon/oakley.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/oakley.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.9.6.3 src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.9.6.4
--- src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.9.6.3	Thu Mar  6 17:00:25 2008
+++ src/crypto/dist/ipsec-tools/src/racoon/oakley.c	Thu Aug 13 09:18:45 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: oakley.c,v 1.9.6.3 2008/03/06 17:00:25 vanhu Exp $	*/
+/*	$NetBSD: oakley.c,v 1.9.6.4 2009/08/13 09:18:45 vanhu Exp $	*/
 
 /* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */
 
@@ -3116,7 +3116,7 @@
 	/* do decrypt */
 	new = alg_oakley_encdef_decrypt(iph1->approval->enctype,
 					buf, iph1->key, ivdp);
-	if (new == NULL) {
+	if (new == NULL || new->v == NULL || new->l == 0) {
 		plog(LLV_ERROR, LOCATION, NULL,
 			"decryption %d failed.\n", iph1->approval->enctype);
 		goto end;
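Review bot: The widened test `if (new == NULL || new->v == NULL || new->l == 0)` now reaches `goto end` with a non-NULL `new`, which the old check never did, so the cleanup at `end:` (outside this hunk) must free that buffer and return NULL. If it does not, each packet that decrypts to an empty result would leak a vchar or pass an empty buffer back to the caller, leaving a slower form of the same DoS. Should the label not cover this, release it in the branch with `if (new != NULL) { vfree(new); new = NULL; }` before the `goto`. A one-line comment such as `/* an empty result must not reach the length/padding handling below */` would record why the extra conditions exist. The log line could also distinguish the empty-result case from a NULL return, so operators can tell malformed peer traffic from a cipher failure.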
