From: Tobias Brunner Date: Mon, 19 Mar 2018 16:03:05 +0000 (+0100) Subject: ikev2: Initialize variable in case set_key() or allocate_bytes() fails X-Git-Tag: 5.6.3~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d8a57342b604b4836816937e0cb659be4d0fec2;p=thirdparty%2Fstrongswan.git ikev2: Initialize variable in case set_key() or allocate_bytes() fails In case the PRF's set_key() or allocate_bytes() method failed, skeyseed was not initialized and the chunk_clear() call later caused a crash. This could have happened with OpenSSL in FIPS mode when MD5 was negotiated (and test vectors were not checked, in which case the PRF couldn't be instantiated as the test vectors would have failed). MD5 is not included in the default proposal anymore since 5.6.1, so with recent versions this could only happen with configs that are not valid in FIPS mode anyway. Fixes: CVE-2018-10811 --- diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 49b1f77a58..f8b23b66e5 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -303,8 +303,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t rekey_function, chunk_t rekey_skd) { - chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed; - chunk_t spi_i, spi_r; + chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce; + chunk_t prf_plus_seed, spi_i, spi_r; prf_plus_t *prf_plus = NULL; uint16_t alg, key_size, int_alg; prf_t *rekey_prf = NULL;