Skip to content

Commit 2899351

Browse files
committed
SECURITY: Properly handle IKEv2 I1 notification packet without KE payload
1 parent daf45e1 commit 2899351

File tree

1 file changed

+18
-13
lines changed

1 file changed

+18
-13
lines changed

Diff for: programs/pluto/ikev2_parent.c

+18-13
Original file line numberDiff line numberDiff line change
@@ -306,8 +306,6 @@ static void ikev2_parent_outI1_continue(struct pluto_crypto_req_cont *pcrc,
306306
}
307307
reset_cur_state();
308308
reset_globals();
309-
310-
passert(GLOBALS_ARE_RESET());
311309
}
312310

313311
/*
@@ -729,18 +727,31 @@ stf_status ikev2parent_inI1outR1(struct msg_digest *md)
729727
*/
730728
{
731729
struct ikev2_ke *ke;
730+
char fromname[ADDRTOT_BUF];
731+
addrtot(&md->sender, 0, fromname, ADDRTOT_BUF);
732+
733+
if (!md->chain[ISAKMP_NEXT_v2KE]) {
734+
/* is this a notify? If so, log it */
735+
if(md->chain[ISAKMP_NEXT_v2N]) {
736+
libreswan_log("Received Notify(%d): %s",
737+
md->chain[ISAKMP_NEXT_v2N]->payload.v2n.isan_type,
738+
enum_name(&ikev2_notify_names,
739+
md->chain[ISAKMP_NEXT_v2N]->payload.v2n.isan_type));
740+
}
741+
libreswan_log(
742+
"rejecting I1 from %s:%u, no KE payload present",
743+
fromname, md->sender_port);
744+
return STF_FAIL + v2N_INVALID_KE_PAYLOAD;
745+
}
732746
ke = &md->chain[ISAKMP_NEXT_v2KE]->payload.v2ke;
733747

734748
st->st_oakley.group = lookup_group(ke->isak_group);
735749
if (st->st_oakley.group == NULL) {
736-
char fromname[ADDRTOT_BUF];
737-
738-
addrtot(&md->sender, 0, fromname, ADDRTOT_BUF);
739750
libreswan_log(
740751
"rejecting I1 from %s:%u, invalid DH group=%u",
741752
fromname, md->sender_port,
742753
ke->isak_group);
743-
return v2N_INVALID_KE_PAYLOAD;
754+
return STF_FAIL + v2N_INVALID_KE_PAYLOAD;
744755
}
745756
}
746757

@@ -819,8 +830,6 @@ static void ikev2_parent_inI1outR1_continue(struct pluto_crypto_req_cont *pcrc,
819830
release_md(ke->md);
820831
}
821832
reset_globals();
822-
823-
passert(GLOBALS_ARE_RESET());
824833
}
825834

826835
static stf_status ikev2_parent_inI1outR1_tail(
@@ -1145,8 +1154,6 @@ static void ikev2_parent_inR1outI2_continue(struct pluto_crypto_req_cont *pcrc,
11451154
release_md(dh->md);
11461155
}
11471156
reset_globals();
1148-
1149-
passert(GLOBALS_ARE_RESET());
11501157
}
11511158

11521159
static void ikev2_padup_pre_encrypt(struct msg_digest *md,
@@ -1714,7 +1721,7 @@ stf_status ikev2parent_inI2outR2(struct msg_digest *md)
17141721
/* verify that there is in fact an encrypted payload */
17151722
if (!md->chain[ISAKMP_NEXT_v2E]) {
17161723
libreswan_log("R2 state should receive an encrypted payload");
1717-
reset_globals();
1724+
reset_globals(); /* XXX suspicious - why was this deemed neccessary? */
17181725
return STF_FATAL;
17191726
}
17201727

@@ -1794,8 +1801,6 @@ static void ikev2_parent_inI2outR2_continue(struct pluto_crypto_req_cont *pcrc,
17941801
release_md(dh->md);
17951802
}
17961803
reset_globals();
1797-
1798-
passert(GLOBALS_ARE_RESET());
17991804
}
18001805

18011806
static stf_status ikev2_parent_inI2outR2_tail(

0 commit comments

Comments
 (0)