-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

commit 5c4369afcfe95a924ee0a96a0b29a7204dc40504
Author: Paul Wouters <paul.wouters@aiven.io>
Date:   Tue Jun 16 12:42:47 2026 -0400

    Fix for CVE-2026-12413

diff --git a/programs/pluto/ikev2_message.c b/programs/pluto/ikev2_message.c
index 7811804cea..92254605d2 100644
- --- a/programs/pluto/ikev2_message.c
+++ b/programs/pluto/ikev2_message.c
@@ -974,7 +974,7 @@ struct msg_digest *reassemble_v2_incoming_fragments(struct v2_incoming_fragments
 	passert(md->chain[ISAKMP_NEXT_v2SK] == NULL);
 	passert(md->chain[ISAKMP_NEXT_v2SKF] != NULL);
 	pexpect(md->chain[ISAKMP_NEXT_v2SKF]->payload.v2skf.isaskf_number == 1);
- -	passert(md->digest_roof < elemsof(md->digest));
+	passert(md->digest_roof <= elemsof(md->digest));
 
 	/*
 	 * Pass 1: Compute the total payload size.
-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmo8EoETHHRlYW1AbGli
cmVzd2FuLm9yZwAKCRCF/0tDsw/G+QPVD/9Q2ttjgTgq2jZfxWpUDGkAngQdmTVz
Qps9k+k+dcXM6566BSyryWwGw0FgSkN5LHovPpGkgjYg8a8RlaUoPcBQQCra2cvv
4iYmVHxIxl89FaYhoVxkutybGCoRKAe88vkyHIIsKeeFR52blU+CIHIsrJxvy2SZ
zFxUpbUQcdWXt84wrkK4End92TQFX+ssfKIM6eX5uIBuXjDA7VZKt4td9Ec+Z8Es
rlohiXNB4BywuLvoH9uK/9GPw+zQULWY6Jm6hn5djqKSwkMYnKKVpzZ9gLZVsT/N
0nltO0ISDpianpj9z3c/6DcrX0lu2GygA8gn4iul7NOIVOis1jtG5tFUW/ed9q9i
BT4WlRGdApenQwwzRdH2LfYbTNSt47OPxJlHuhw4LM4zOCkNyshyQ+ySxN8wZKJd
3Ci85umRveeWPRKCq8liOf6f3sA8RvrDWtYesEeFqxiCG80qkmJHlIld5Pl3SpYA
oDZftMlNp0FDwnXtw3mnfCPSX7U1RzsnjKrmLvgxQ6QRO40ZPMuAnyw+q69hNNHM
oMcKFefmnTS4ZVvjrKbBulWnWHe9hRZyAd01rzjqBVHTQKa3DgZdWk+vyi7k3t98
b+eJv1D8a3XvDuDYdcKMx1uAV+K1rHbpYrCU9ajHVeVVbB6cPY8ta7xyG9X20Iwr
M9ze3aY+SguK9w==
=YQ8O
-----END PGP SIGNATURE-----