projects / oweals / tinc.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758)
[oweals/tinc.git] / src / protocol_key.c
diff --git a/src/protocol_key.c b/src/protocol_key.c
index ee292b65448dcee3e043ffd4a71cec0ad2cf96a2..6140a5321ece9be3815d03a9a689c4f14c36084d 100644 (file)
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -286,6 +286,11 @@ bool ans_key_h(connection_t *c) {
                        return true;
                }
        } else {
+               if(from->outkeylength != 1) {
+                       logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
+                       return true;
+               }
+
                from->outcipher = NULL;
        }
 
Unnamed repository; edit this file 'description' to name the repository.