Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758)
authorGuus Sliepen <guus@tinc-vpn.org>
Sun, 9 Sep 2018 14:44:43 +0000 (16:44 +0200)
committerGuus Sliepen <guus@tinc-vpn.org>
Wed, 12 Sep 2018 19:51:55 +0000 (21:51 +0200)
If a man-in-the-middle has intercepted the TCP connection it might be
able to force plaintext UDP packets between two nodes for up to
a PingInterval period.

src/protocol_key.c

index ee292b65448dcee3e043ffd4a71cec0ad2cf96a2..6140a5321ece9be3815d03a9a689c4f14c36084d 100644 (file)
@@ -286,6 +286,11 @@ bool ans_key_h(connection_t *c) {
                        return true;
                }
        } else {
+               if(from->outkeylength != 1) {
+                       logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
+                       return true;
+               }
+
                from->outcipher = NULL;
        }