aboutsummaryrefslogtreecommitdiffstats
path: root/Source/charon/encoding/payloads/notify_payload.c
diff options
context:
space:
mode:
Diffstat (limited to 'Source/charon/encoding/payloads/notify_payload.c')
-rw-r--r--Source/charon/encoding/payloads/notify_payload.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/Source/charon/encoding/payloads/notify_payload.c b/Source/charon/encoding/payloads/notify_payload.c
index dccc9d169..ee4b44e9e 100644
--- a/Source/charon/encoding/payloads/notify_payload.c
+++ b/Source/charon/encoding/payloads/notify_payload.c
@@ -180,8 +180,22 @@ static status_t verify(private_notify_payload_t *this)
return FAILED;
}
- /* notify message types and data is not getting checked in here */
+ /* TODO: Check all kinds of notify */
+ if (this->notify_message_type == INVALID_KE_PAYLOAD)
+ {
+ /* check notification data */
+ diffie_hellman_group_t dh_group;
+ if (this->notification_data.len != 2)
+ {
+ return FAILED;
+ }
+ dh_group = ntohs(*((u_int16_t*)this->notification_data.ptr));
+ if (dh_group < MODP_1024_BIT || dh_group > MODP_8192_BIT)
+ {
+ return FAILED;
+ }
+ }
return SUCCESS;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 17:41:50 +0000