commit 5c4369afcfe95a924ee0a96a0b29a7204dc40504 Author: Paul Wouters Date: Tue Jun 16 12:42:47 2026 -0400 Fix for CVE-2026-12413 diff --git a/programs/pluto/ikev2_message.c b/programs/pluto/ikev2_message.c index 7811804cea..92254605d2 100644 --- a/programs/pluto/ikev2_message.c +++ b/programs/pluto/ikev2_message.c @@ -974,7 +974,7 @@ struct msg_digest *reassemble_v2_incoming_fragments(struct v2_incoming_fragments passert(md->chain[ISAKMP_NEXT_v2SK] == NULL); passert(md->chain[ISAKMP_NEXT_v2SKF] != NULL); pexpect(md->chain[ISAKMP_NEXT_v2SKF]->payload.v2skf.isaskf_number == 1); - passert(md->digest_roof < elemsof(md->digest)); + passert(md->digest_roof <= elemsof(md->digest)); /* * Pass 1: Compute the total payload size.