sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity

charon-tkm: Validate DH public key to fix potential buffer overflow

Browse Source 
Seems this was forgotten in the referenced commit and actually could lead
to a buffer overflow.  Since charon-tkm is untrusted this isn't that
much of an issue but could at least be easily exploited for a DoS attack
as DH public values are set when handling IKE_SA_INIT requests.

Fixes: 0356089d0f94 ("diffie-hellman: Verify public DH values in backends")
Fixes: CVE-2023-41913
This commit is contained in:
Tobias Brunner 2023-07-11 12:12:25 +02:00
parent 74ae71d2b8
commit 96d7937189
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/charon-tkm/src/tkm/tkm_diffie_hellman.c
View File

@ -70,11 +70,16 @@ METHOD(key_exchange_t, get_shared_secret, bool,
return TRUE; return TRUE;
} }
METHOD(key_exchange_t, set_public_key, bool, METHOD(key_exchange_t, set_public_key, bool,
private_tkm_diffie_hellman_t *this, chunk_t value) private_tkm_diffie_hellman_t *this, chunk_t value)
{ {
dh_pubvalue_type othervalue; dh_pubvalue_type othervalue;
if (!key_exchange_verify_pubkey(this->group, value) ||
value.len > sizeof(othervalue.data))
{
return FALSE;
}
othervalue.size = value.len; othervalue.size = value.len;
memcpy(&othervalue.data, value.ptr, value.len); memcpy(&othervalue.data, value.ptr, value.len);