Merge 8e8cb4d4f3 into c2a7aa5481

Merge branch 'SoftEtherVPN:master' into master
Merge pull request from GHSA-j35p-p8pj-vqxq
2024-06-24 08:20:19 +00:00 · 2024-06-24 11:20:15 +03:00 · 2024-06-22 18:57:28 +02:00 · 2024-06-22 18:53:35 +02:00 · 2024-06-13 16:31:27 +03:00 · 2024-05-23 10:24:18 +03:00
2 changed files with 7 additions and 33 deletions
--- a/src/Cedar/Proto_IKE.c
+++ b/src/Cedar/Proto_IKE.c
@ -463,39 +463,13 @@ void ProcIPsecEspPacketRecv(IKE_SERVER *ike, UDPPACKET *p)
 	seq = READ_UINT(src + sizeof(UINT));

 	// Search and retrieve the IPsec SA from SPI
+
+	// thank to @phillibert report, responding to bad SA might lead to amplification
+	// according to RFC4303 we should drop such packets
+
 	ipsec_sa = SearchClientToServerIPsecSaBySpi(ike, spi);
 	if (ipsec_sa == NULL)
 	{
-		// Invalid SPI
-		UINT64 init_cookie = Rand64();
-		UINT64 resp_cookie = 0;
-		IKE_CLIENT *c = NULL;
-		IKE_CLIENT t;
-
-
-		Copy(&t.ClientIP, &p->SrcIP, sizeof(IP));
-		t.ClientPort = p->SrcPort;
-		Copy(&t.ServerIP, &p->DstIP, sizeof(IP));
-		t.ServerPort = p->DestPort;
-		t.CurrentIkeSa = NULL;
-
-		if (p->DestPort == IPSEC_PORT_IPSEC_ESP_RAW)
-		{
-			t.ClientPort = t.ServerPort = IPSEC_PORT_IPSEC_ISAKMP;
-		}
-
-		c = Search(ike->ClientList, &t);
-
-		if (c != NULL && c->CurrentIkeSa != NULL)
-		{
-			init_cookie = c->CurrentIkeSa->InitiatorCookie;
-			resp_cookie = c->CurrentIkeSa->ResponderCookie;
-		}
-
-		SendInformationalExchangePacketEx(ike, (c == NULL ? &t : c), IkeNewNoticeErrorInvalidSpiPayload(spi), false,
-			init_cookie, resp_cookie);
-
-		SendDeleteIPsecSaPacket(ike, (c == NULL ? &t : c), spi);
 		return;
 	}

--- a/src/Cedar/Proto_L2TP.c
+++ b/src/Cedar/Proto_L2TP.c
@ -2103,7 +2103,7 @@ void StopL2TPThread(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s)
 // Interrupt processing of L2TP server
 void L2TPProcessInterrupts(L2TP_SERVER *l2tp)
 {
-	UINT i, j;
+	UINT i, j, k;
 	LIST *delete_tunnel_list = NULL;
 	// Validate arguments
 	if (l2tp == NULL)
@ -2138,9 +2138,9 @@ void L2TPProcessInterrupts(L2TP_SERVER *l2tp)
 		UINT64 l2tpTimeout = L2TP_TUNNEL_TIMEOUT;

 		// If we got on ANY session a higher timeout than the default L2TP tunnel timeout, increase it
-		for (i = 0; i < LIST_NUM(t->SessionList); i++)
+		for (k = 0; k < LIST_NUM(t->SessionList); k++)
 		{
-			L2TP_SESSION* s = LIST_DATA(t->SessionList, i);
+			L2TP_SESSION* s = LIST_DATA(t->SessionList, k);

 			if (s->TubeRecv != NULL && s->TubeRecv->DataTimeout > l2tpTimeout)
 			{
Author	SHA1	Message	Date
AMajor-C	32e84756bd	Merge `8e8cb4d4f3` into `c2a7aa5481`	2024-06-24 08:20:19 +00:00
AMajor-C	8e8cb4d4f3	Merge branch 'SoftEtherVPN:master' into master	2024-06-24 11:20:15 +03:00
Ilya Shipitsin	c2a7aa5481	Merge pull request from GHSA-j35p-p8pj-vqxq src/Cedar/Proto_IKE.c: ignore packets with no IPSec SA	2024-06-22 18:57:28 +02:00
Ilia Shipitsin	6f57449164	src/Cedar/Proto_IKE.c: ignore packets with no IPSec SA many thanks to Jonathan Phillibert from Amazon Web Services for investigating and reporting that responding to such packets might lead to traffic amplification	2024-06-22 18:53:35 +02:00
AMajor-C	9b97568dc9	Merge branch 'SoftEtherVPN:master' into master	2024-06-13 16:31:27 +03:00
AMajor-C	aeb9330ddb	Merge branch 'SoftEtherVPN:master' into master	2024-05-23 10:24:18 +03:00
AMajor-C	48b536d732	Merge branch 'SoftEtherVPN:master' into master	2024-05-04 23:56:01 +03:00
AMajor-C	3087e03e0c	Merge branch 'SoftEtherVPN:master' into master	2024-05-04 23:13:38 +03:00
AMajor-C	619ca3d915	Merge branch 'SoftEtherVPN:master' into master	2024-05-03 16:08:16 +03:00
AMajor-C	36c018b1d9	fixed wrong counter modifying	2024-04-24 14:17:35 +03:00