untrusted comment: verify with openbsd-78-base.pub
RWS3/nvFmk4SWTklZtSGjwRvZdf6DKQNnbg+XRJOsB0RSmHoH0/BxFwqd2ifXWXDktcu0bDr+2wgErLmz2I60JW8ALSJxe3L7Ac=

OpenBSD 7.8 errata 036, May 8, 2026:

In iked(8), address sizes were not checked.

Apply by doing:
    signify -Vep /etc/signify/openbsd-78-base.pub -x 036_iked.patch.sig \
        -m - | (cd /usr/src && patch -p0)

And then rebuild and install iked:
    cd /usr/src/sbin/iked
    make obj
    make
    make install

Index: sbin/iked/ikev2.c
===================================================================
RCS file: /cvs/src/sbin/iked/ikev2.c,v
diff -u -p -r1.394.2.1 ikev2.c
--- sbin/iked/ikev2.c	1 Apr 2026 20:02:24 -0000	1.394.2.1
+++ sbin/iked/ikev2.c	5 May 2026 21:26:13 -0000
@@ -7025,7 +7025,9 @@ ikev2_print_id(struct iked_id *id, char 
 	case IKEV2_ID_IPV4:
 		s4.sin_family = AF_INET;
 		s4.sin_len = sizeof(s4);
-		memcpy(&s4.sin_addr.s_addr, ptr, len);
+		if (len != (ssize_t)sizeof(s4.sin_addr.s_addr))
+			return (-1);
+		memcpy(&s4.sin_addr.s_addr, ptr, sizeof(s4.sin_addr.s_addr));
 
 		if (strlcat(idstr, print_addr(&s4), idstrlen) >= idstrlen)
 			return (-1);
@@ -7044,7 +7046,9 @@ ikev2_print_id(struct iked_id *id, char 
 	case IKEV2_ID_IPV6:
 		s6.sin6_family = AF_INET6;
 		s6.sin6_len = sizeof(s6);
-		memcpy(&s6.sin6_addr, ptr, len);
+		if (len != (ssize_t)sizeof(s6.sin6_addr))
+			return (-1);
+		memcpy(&s6.sin6_addr, ptr, sizeof(s6.sin6_addr));
 
 		if (strlcat(idstr, print_addr(&s6), idstrlen) >= idstrlen)
 			return (-1);