From: Tobias Brunner Date: Tue, 6 Mar 2018 16:28:33 +0000 (+0100) Subject: ikev2: Use correct type to check for selected signature scheme X-Git-Tag: 5.6.3dr1~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a48f3d89398e4fd33dc6986e595a79daf2b19169;p=thirdparty%2Fstrongswan.git ikev2: Use correct type to check for selected signature scheme The previous code was obviously incorrect and caused strange side effects depending on the compiler and its optimization flags (infinite looping seen with GCC 4.8.4, segfault when destroying the private key in build() seen with clang 4.0.0 on FreeBSD). Fixes #2579. --- diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c index 65baf87718..c6c4829102 100644 --- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c @@ -164,7 +164,7 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, signature_scheme_t schemes[] = { SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_256, - }, contained; + }; bool found; int i, j; @@ -174,8 +174,8 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, found = FALSE; for (j = 0; j < array_count(selected); j++) { - array_get(selected, j, &contained); - if (scheme == contained) + array_get(selected, j, &config); + if (scheme == config->scheme) { found = TRUE; break;