Module Name: src Committed By: vanhu Date: Thu Aug 13 09:18:45 UTC 2009
Modified Files: src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]: oakley.c Log Message: fixed a potential DoS in oakley_do_decrypt(), reported by Orange Labs To generate a diff of this commit: cvs rdiff -u -r1.9.6.3 -r1.9.6.4 \ src/crypto/dist/ipsec-tools/src/racoon/oakley.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/oakley.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.9.6.3 src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.9.6.4
--- src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.9.6.3 Thu Mar 6 17:00:25 2008
+++ src/crypto/dist/ipsec-tools/src/racoon/oakley.c Thu Aug 13 09:18:45 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: oakley.c,v 1.9.6.3 2008/03/06 17:00:25 vanhu Exp $ */
+/* $NetBSD: oakley.c,v 1.9.6.4 2009/08/13 09:18:45 vanhu Exp $ */
 /* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */
@@ -3116,7 +3116,7 @@
 /* do decrypt */
 new = alg_oakley_encdef_decrypt(iph1->approval->enctype, buf, iph1->key, ivdp);
- if (new == NULL) {
+ if (new == NULL || new->v == NULL || new->l == 0) {
 plog(LLV_ERROR, LOCATION, NULL, "decryption %d failed.\n", iph1->approval->enctype);
 goto end;
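Review bot: On the two added conditions (`new->v == NULL`, `new->l == 0`) `new` itself is non-NULL when control reaches `goto end`, and the `end:` label lies outside this hunk, so it is not visible whether that buffer is released there. If it is not, every rejected packet leaks one allocation, and the error path should free `new` before the jump. The message `"decryption %d failed.\n"` is also the same for a cipher error and for an empty result, so the log cannot separate a failing transform from malformed peer input; a distinct message for the empty case would make this easier to spot during triage. A one-line comment above the test, such as `/* an empty or data-less result is treated as a decryption failure */`, would record why the check was widened. oakley_do_decrypt() begins and ends outside the hunk.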