Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758)

If a man-in-the-middle has intercepted the TCP connection it might be
able to force plaintext UDP packets between two nodes for up to
a PingInterval period.

diff --git a/src/protocol_key.c b/src/protocol_key.c
index ee292b65448dcee3e043ffd4a71cec0ad2cf96a2..6140a5321ece9be3815d03a9a689c4f14c36084d 100644 (file)
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -286,6 +286,11 @@ bool ans_key_h(connection_t *c) {
                        return true;
                }
        } else {
+               if(from->outkeylength != 1) {
+                       logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
+                       return true;
+               }
+
                from->outcipher = NULL;
        }