From: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun, 9 Sep 2018 14:44:43 +0000 (+0200)
Subject: Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758)
X-Git-Tag: release-1.0.35~11
X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f;hp=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a

Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758)

If a man-in-the-middle has intercepted the TCP connection it might be
able to force plaintext UDP packets between two nodes for up to
a PingInterval period.
---

diff --git a/src/protocol_key.c b/src/protocol_key.c
index ee292b65..6140a532 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -286,6 +286,11 @@ bool ans_key_h(connection_t *c) {
 			return true;
 		}
 	} else {
+		if(from->outkeylength != 1) {
+			logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
+			return true;
+		}
+
 		from->outcipher = NULL;
 	}