untrusted comment: verify with openbsd-77-base.pub
RWSbCCUoGpcxVX6XOblrLmu9TLJbAOtqj6U7Vq5E6MSmFBNcNfFNiKktbzdJwlF2ll1kDN6Xcc59HLgYOvkkUEYoncxEcYu4uAE=

OpenBSD 7.7 errata 042, May 8, 2026:

In iked(8), address sizes were not checked.

Apply by doing:
    signify -Vep /etc/signify/openbsd-77-base.pub -x 042_iked.patch.sig \
        -m - | (cd /usr/src && patch -p0)

And then rebuild and install iked:
    cd /usr/src/sbin/iked
    make obj
    make
    make install

Index: sbin/iked/ikev2.c
===================================================================
RCS file: /cvs/src/sbin/iked/ikev2.c,v
diff -u -p -r1.391.4.1 ikev2.c
--- sbin/iked/ikev2.c	1 Apr 2026 20:03:26 -0000	1.391.4.1
+++ sbin/iked/ikev2.c	5 May 2026 21:26:42 -0000
@@ -7021,7 +7021,9 @@ ikev2_print_id(struct iked_id *id, char 
 	case IKEV2_ID_IPV4:
 		s4.sin_family = AF_INET;
 		s4.sin_len = sizeof(s4);
-		memcpy(&s4.sin_addr.s_addr, ptr, len);
+		if (len != (ssize_t)sizeof(s4.sin_addr.s_addr))
+			return (-1);
+		memcpy(&s4.sin_addr.s_addr, ptr, sizeof(s4.sin_addr.s_addr));
 
 		if (strlcat(idstr, print_addr(&s4), idstrlen) >= idstrlen)
 			return (-1);
@@ -7040,7 +7042,9 @@ ikev2_print_id(struct iked_id *id, char 
 	case IKEV2_ID_IPV6:
 		s6.sin6_family = AF_INET6;
 		s6.sin6_len = sizeof(s6);
-		memcpy(&s6.sin6_addr, ptr, len);
+		if (len != (ssize_t)sizeof(s6.sin6_addr))
+			return (-1);
+		memcpy(&s6.sin6_addr, ptr, sizeof(s6.sin6_addr));
 
 		if (strlcat(idstr, print_addr(&s6), idstrlen) >= idstrlen)
 			return (-1);