projects
/
oweals
/
tinc.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758)
[oweals/tinc.git]
/
src
/
protocol_key.c
diff --git
a/src/protocol_key.c
b/src/protocol_key.c
index ee292b65448dcee3e043ffd4a71cec0ad2cf96a2..6140a5321ece9be3815d03a9a689c4f14c36084d 100644
(file)
--- a/
src/protocol_key.c
+++ b/
src/protocol_key.c
@@
-286,6
+286,11
@@
bool ans_key_h(connection_t *c) {
return true;
}
} else {
+ if(from->outkeylength != 1) {
+ logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
+ return true;
+ }
+
from->outcipher = NULL;
}