ikev2: Check the length of received COOKIE notifies
authorTobias Brunner <tobias@strongswan.org>
Tue, 27 Aug 2019 16:32:32 +0000 (18:32 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 28 Aug 2019 10:15:27 +0000 (12:15 +0200)
As specified by RFC 7296, section 2.6, the data associated with COOKIE
notifications MUST be between 1 and 64 octets in length (inclusive).

Fixes #3160.

src/libcharon/encoding/payloads/notify_payload.c

index a69db93..fc5c198 100644 (file)
@@ -467,6 +467,14 @@ METHOD(payload_t, verify, status_t,
                        }
                        break;
                }
+               case COOKIE:
+               {
+                       if (this->notify_data.len < 1 || this->notify_data.len > 64)
+                       {
+                               bad_length = TRUE;
+                       }
+                       break;
+               }
                case ADDITIONAL_IP4_ADDRESS:
                {
                        if (this->notify_data.len != 4)