unknown-payload: Use a new private payload type and make original type available
author Tobias Brunner <tobias@strongswan.org>
Fri, 15 May 2015 09:15:57 +0000 (11:15 +0200)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Mon, 1 Jun 2015 07:42:11 +0000 (09:42 +0200)
commit 150764743486aad072351774ad8476e1843095f0
tree f56d9a03c479e7d906ccfb8a4e9441444dc341a5
parent 62e0abe7591489c563c3d4380054050af9cb4838
unknown-payload: Use a new private payload type and make original type available

This fixes a DoS and potential remote code execution vulnerability that was
caused because the original payload type that was returned previously was
used to cast such payload objects to payloads of the indicated type (e.g.
when logging notify payloads with a payload type for the wrong IKE version).

Fixes CVE-2015-3991.
src/libcharon/encoding/message.c
src/libcharon/encoding/payloads/payload.c
src/libcharon/encoding/payloads/payload.h
src/libcharon/encoding/payloads/unknown_payload.c
src/libcharon/encoding/payloads/unknown_payload.h
src/libcharon/sa/ikev2/task_manager_v2.c
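
The pattern the commit message describes, as an added sketch that is not strongSwan code: a consumer picks a concrete type from the generic type accessor alone, so an unknown payload that reports its wire type gets cast to the wrong struct, while a private type plus a separate accessor for the original type avoids that. All struct, function and enum names and the value 256 are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed for this sketch: names and type numbers are assumptions. */
enum { PL_NOTIFY_V1 = 11, PL_NOTIFY_V2 = 41, PL_UNKNOWN_PRIVATE = 256 };

typedef struct payload payload_t;
struct payload { int (*get_type)(const payload_t *self); };

typedef struct { payload_t base; unsigned short code; const char *data; } notify_t;
typedef struct { payload_t base; int wire_type; } unknown_t; /* opaque body omitted */

static int notify_get_type(const payload_t *p) { (void)p; return PL_NOTIFY_V2; }

/* Before: the generic accessor reports the type byte taken from the wire. */
static int unknown_get_type_before(const payload_t *p)
{
    return ((const unknown_t *)p)->wire_type;
}

/* After: the generic accessor reports a private type that no caller casts on. */
static int unknown_get_type_after(const payload_t *p) { (void)p; return PL_UNKNOWN_PRIVATE; }

/* After: the original type stays available through a dedicated accessor. */
int unknown_wire_type(const unknown_t *u) { return u->wire_type; }

/* Consumer (e.g. a logger): chooses the concrete type from get_type() alone. */
const notify_t *as_notify(const payload_t *p)
{
    int t = p->get_type(p);
    return (t == PL_NOTIFY_V1 || t == PL_NOTIFY_V2) ? (const notify_t *)p : NULL;
}

/* 1 if the consumer would treat an unknown payload as a notify payload. */
int consumer_casts_unknown(int wire_type, int patched)
{
    unknown_t u = { { patched ? unknown_get_type_after : unknown_get_type_before },
                    wire_type };
    return as_notify(&u.base) != NULL; /* pointer is only compared, never read */
}

/* 1 if a genuine notify payload is still recognised by the consumer. */
int consumer_casts_notify(void)
{
    notify_t n = { { notify_get_type }, 0, NULL };
    return as_notify(&n.base) != NULL;
}

int main(void)
{
    printf("unknown before=%d after=%d, real notify=%d\n",
           consumer_casts_unknown(PL_NOTIFY_V1, 0),
           consumer_casts_unknown(PL_NOTIFY_V1, 1), consumer_casts_notify());
    return 0;
}
```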