If we receive a response it must have the exact same msgid as the last

mirror of https://github.com/openbsd/src.git synced 2026-04-27 07:36:50 +00:00

request we sent, so make sure they match exactly rather than allowing
higher msgids.
We can't handle out of order responses and if we don't receive a response
in time we retransmit our request until we get one or run into a timeout.

Found by Dirk Loss
ok markus@ hshoexer@

This commit is contained in:

tobhe

2026-04-01 19:04:22 +00:00

parent 0ea06f527d

commit 3eaa2c8301

1 changed files with 2 additions and 2 deletions

									
										4

sbin/iked/ikev2.c
									
												View File
												
				@@ -1,4 +1,4 @@

				/*	$OpenBSD: ikev2.c,v 1.396 2026/04/01 18:36:49 tobhe Exp $	*/

				/*	$OpenBSD: ikev2.c,v 1.397 2026/04/01 19:04:22 tobhe Exp $	*/

				/*

				 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>

				@@ -713,7 +713,7 @@ ikev2_recv(struct iked *env, struct iked_message *msg)

					}

					if (msg->msg_response) {

						if (msg->msg_msgid > sa->sa_reqid) {

						if (msg->msg_msgid + 1 != sa->sa_reqid) {

							ikestat_inc(env, ikes_msg_rcvd_dropped);

							return;

						}

If we receive a response it must have the exact same msgid as the last

4 sbin/iked/ikev2.c Unescape Escape View File

4

sbin/iked/ikev2.c

View File