
Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758)

If a man-in-the-middle has intercepted the TCP connection, it might be
able to force plaintext UDP packets between two nodes for up to
a PingInterval period.
Guus Sliepen 5 years ago
commit e97943b7cc
1 changed file with 5 additions and 0 deletions: src/protocol_key.c (+5, -0)

@@ -286,6 +286,11 @@ bool ans_key_h(connection_t *c) {
 			return true;
 		}
 	} else {
+		if(from->outkeylength != 1) {
+			logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
+			return true;
+		}
+
 		from->outcipher = NULL;
 	}
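Review bot: the new guard on `from->outkeylength != 1` in the else branch encodes an unstated assumption that a NULL cipher always comes with a one-byte key; add a comment explaining why (a key length belonging to a real cipher paired with a NULL cipher is the downgraded exchange the commit message describes), and include the received length in the log message, e.g. `"Node %s (%s) uses wrong keylength for NULL cipher!"` extended with the offending value and the format specifier matching its type, so an operator can tell from the log what the peer offered. It is also worth a one-line comment that `return true` deliberately keeps the meta-connection open while leaving `from->outcipher` untouched, since the assignment `from->outcipher = NULL;` is skipped on this path and the previously negotiated cipher therefore stays in force for that node.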