84738b1aed
IKE is very strict in the length of KE payloads, and it should be safe to strictly verify their length. Not doing so is no direct threat, but allows DDoS amplification by sending short KE payloads for large groups using the target as the source address. |
||
---|---|---|
.. | ||
payloads | ||
generator.c | ||
generator.h | ||
message.c | ||
message.h | ||
parser.c | ||
parser.h |