sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity

ikev2: Initialize variable in case set_key() or allocate_bytes() fails

Browse Source 
In case the PRF's set_key() or allocate_bytes() method failed, skeyseed
was not initialized and the chunk_clear() call later caused a crash.

This could have happened with OpenSSL in FIPS mode when MD5 was
negotiated (and test vectors were not checked, in which case the PRF
couldn't be instantiated as the test vectors would have failed).
MD5 is not included in the default proposal anymore since 5.6.1, so
with recent versions this could only happen with configs that are not
valid in FIPS mode anyway.

Fixes: CVE-2018-10811
This commit is contained in:
Tobias Brunner 2018-03-19 17:03:05 +01:00
parent 0d0c8f7d3e
commit 6d8a57342b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/libcharon/sa/ikev2/keymat_v2.c
View File

@ -303,8 +303,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
pseudo_random_function_t rekey_function, chunk_t rekey_skd)
{
chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
chunk_t spi_i, spi_r;
chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce;
chunk_t prf_plus_seed, spi_i, spi_r;
prf_plus_t *prf_plus = NULL;
uint16_t alg, key_size, int_alg;
prf_t *rekey_prf = NULL;