ikev2: Initialize variable in case set_key() or allocate_bytes() fails

In case the PRF's set_key() or allocate_bytes() method failed, skeyseed
was not initialized and the chunk_clear() call later caused a crash.

This could have happened with OpenSSL in FIPS mode when MD5 was
negotiated (and test vectors were not checked, in which case the PRF
couldn't be instantiated as the test vectors would have failed).
MD5 is not included in the default proposal anymore since 5.6.1, so
with recent versions this could only happen with configs that are not
valid in FIPS mode anyway.

Fixes: CVE-2018-10811

diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 49b1f77a58e6fce6dc84375ae0737387a534e2f8..f8b23b66e5a0c83feb0d47cc89292c66f0108e0f 100644 (file)
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -303,8 +303,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
        chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
        pseudo_random_function_t rekey_function, chunk_t rekey_skd)
 {
-       chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
-       chunk_t spi_i, spi_r;
+       chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce;
+       chunk_t prf_plus_seed, spi_i, spi_r;
        prf_plus_t *prf_plus = NULL;
        uint16_t alg, key_size, int_alg;
        prf_t *rekey_prf = NULL;