openbsd/src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2026-06-17 23:03:29 +02:00
Code Activity

isakmpd: Fix NULL dereference in message_validate_sa()

Browse Source 
When the responder cookie is non-zero but sa_lookup_by_header()
finds no matching SA, msg->isakmp_sa is NULL.  Thus check before
dereferencing.
This commit is contained in:
hshoexer
2026-06-16 11:50:53 +00:00
parent 50d94f9ab6
commit 2f229140c8
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
sbin/isakmpd/message.c
+3 -2
View File
@@ -1,4 +1,4 @@
/* $OpenBSD: message.c,v 1.133 2026/06/11 09:55:17 hshoexer Exp $ */ /* $OpenBSD: message.c,v 1.134 2026/06/16 11:50:53 hshoexer Exp $ */
/* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */ /* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */
/* /*
@@ -1053,7 +1053,8 @@ message_validate_sa(struct message *msg, struct payload *p)
if (zero_test(pkt + ISAKMP_HDR_RCOOKIE_OFF, if (zero_test(pkt + ISAKMP_HDR_RCOOKIE_OFF,
ISAKMP_HDR_RCOOKIE_LEN)) ISAKMP_HDR_RCOOKIE_LEN))
exchange = exchange_setup_p1(msg, doi_id); exchange = exchange_setup_p1(msg, doi_id);
else if (msg->isakmp_sa->flags & SA_FLAG_READY) else if (msg->isakmp_sa &&
(msg->isakmp_sa->flags & SA_FLAG_READY))
exchange = exchange_setup_p2(msg, doi_id); exchange = exchange_setup_p2(msg, doi_id);
else { else {
/* XXX What to do here? */ /* XXX What to do here? */