CVS: cvs.openbsd.org: src

[Hans-Joerg Hoexer]

CVSROOT:        /cvs
Module name:    src
Changes by:     hshoe...@cvs.openbsd.org        2026/05/28 03:54:05

Modified files:
        sbin/iked      : pfkey.c 
        sbin/isakmpd   : pf_key_v2.c 
        usr.sbin/bgpd  : pfkey.c 
        usr.sbin/ldpd  : pfkey.c 

Log message:
Avoid infinite loop when parsing PFKEY replies

In bgpd, iked, isakmpd, ldpd and sasyncd we have similar code to
parse PFKEY replies from the kernel.  To avoid an infinite loop on
malformed replies validate the SADB extension size.

For consistency with the other daemons rewrite the parsing loop of
iked.

sasyncd already validates the extension size, so no change needed.

ok claudio@ tb@ tobhe@