From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 18 Oct 2023 15:11:51 +0000 (+0200)
Subject: pkcs12: Treat empty string and no password differently
X-Git-Tag: 5.9.12rc1~7^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ad804fa036a534fe315dd33563d9bba514bf9907;p=thirdparty%2Fstrongswan.git

pkcs12: Treat empty string and no password differently

When deriving the PKCS#12 key, the empty string should result in a
non-zero length Unicode string (two bytes for the 0 terminator).
---

diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c
index 5e36b3cd40..d738910077 100644
--- a/src/libstrongswan/credentials/containers/pkcs12.c
+++ b/src/libstrongswan/credentials/containers/pkcs12.c
@@ -157,7 +157,7 @@ bool pkcs12_derive_key(hash_algorithm_t hash, chunk_t password, chunk_t salt,
 	bool success;
 	int i;
 
-	if (password.len)
+	if (password.ptr)
 	{	/* convert the password to UTF-16BE (without BOM) with 0 terminator */
 		unicode = chunk_alloca(password.len * 2 + 2);
 		for (i = 0; i < password.len; i++)