From 3eaa2c83012e40d69be17fd8555f5caa5bdd72c5 Mon Sep 17 00:00:00 2001
From: tobhe <tobhe@openbsd.org>
Date: Wed, 1 Apr 2026 19:04:22 +0000
Subject: [PATCH] If we receive a response it must have the exact same msgid as
 the last request we sent, so make sure they match exactly rather than
 allowing higher msgids. We can't handle out of order responses and if we
 don't receive a response in time we retransmit our request until we get one
 or run into a timeout.

Found by Dirk Loss
ok markus@ hshoexer@
---
 sbin/iked/ikev2.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 9fb88c068b8..e235542ab29 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2.c,v 1.396 2026/04/01 18:36:49 tobhe Exp $	*/
+/*	$OpenBSD: ikev2.c,v 1.397 2026/04/01 19:04:22 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -713,7 +713,7 @@ ikev2_recv(struct iked *env, struct iked_message *msg)
 	}
 
 	if (msg->msg_response) {
-		if (msg->msg_msgid > sa->sa_reqid) {
+		if (msg->msg_msgid + 1 != sa->sa_reqid) {
 			ikestat_inc(env, ikes_msg_rcvd_dropped);
 			return;
 		}