From b450318c15496f89e7c93392c9b5d2c6045c7de9 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 19 Mar 2018 17:03:05 +0100
Subject: [PATCH] ikev2: Initialize variable in case set_key() or
allocate_bytes() fails
In case the PRF's set_key() or allocate_bytes() method failed, skeyseed
was not initialized and the chunk_clear() call later caused a crash.
This could have happened with OpenSSL in FIPS mode when MD5 was
negotiated (and test vectors were not checked, in which case the PRF
couldn't be instantiated as the test vectors would have failed).
MD5 is not included in the default proposal anymore since 5.6.1, so
with recent versions this could only happen with configs that are not
valid in FIPS mode anyway.
Fixes: CVE-2018-10811
---
src/libcharon/sa/ikev2/keymat_v2.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 0c41c68d0118..8b20d1ce986f 100644
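--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -303,8 +303,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
 pseudo_random_function_t rekey_function, chunk_t rekey_skd)
 {
- chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
- chunk_t spi_i, spi_r;
+ chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce;
+ chunk_t prf_plus_seed, spi_i, spi_r;
 prf_plus_t *prf_plus = NULL;
 uint16_t alg, key_size, int_alg;
 prf_t *rekey_prf = NULL;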
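Review bot: Only `skeyseed` gets an initial value on the new declaration lines; `key`, `secret`, `full_nonce`, `fixed_nonce`, `prf_plus_seed`, `spi_i` and `spi_r` are still declared uninitialized. The body of derive_ike_keys lies outside this hunk, so it cannot be checked from here whether any of them can reach a free or clear call on an early-failure path; any that can needs the same `= chunk_empty` initializer. The reason for the initializer is also easy to lose in a later cleanup, so I would add a comment beside it such as `/* must start empty: chunk_clear() runs on skeyseed even if set_key()/allocate_bytes() fail */`. A regression test that forces the PRF's set_key() to fail would pin the crash described in the commit message.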
--
2.7.4