projects / tinc / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758)
[tinc] / src / protocol_key.c
diff --git a/src/protocol_key.c b/src/protocol_key.c
index ee292b6..6140a53 100644 (file)
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -286,6 +286,11 @@ bool ans_key_h(connection_t *c) {
                        return true;
                }
        } else {
+               if(from->outkeylength != 1) {
+                       logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
+                       return true;
+               }
+
                from->outcipher = NULL;
        }
 
tinc, the VPN daemon