From ad804fa036a534fe315dd33563d9bba514bf9907 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 18 Oct 2023 17:11:51 +0200 Subject: [PATCH] pkcs12: Treat empty string and no password differently When deriving the PKCS#12 key, the empty string should result in a non-zero length Unicode string (two bytes for the 0 terminator). --- src/libstrongswan/credentials/containers/pkcs12.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c index 5e36b3cd40..d738910077 100644 --- a/src/libstrongswan/credentials/containers/pkcs12.c +++ b/src/libstrongswan/credentials/containers/pkcs12.c @@ -157,7 +157,7 @@ bool pkcs12_derive_key(hash_algorithm_t hash, chunk_t password, chunk_t salt, bool success; int i; - if (password.len) + if (password.ptr) { /* convert the password to UTF-16BE (without BOM) with 0 terminator */ unicode = chunk_alloca(password.len * 2 + 2); for (i = 0; i < password.len; i++)