check length of hex-encoded IV

author Andreas Steffen <andreas.steffen@strongswan.org>

Sun, 7 Oct 2012 15:07:35 +0000 (17:07 +0200)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Sun, 7 Oct 2012 15:07:35 +0000 (17:07 +0200)
author Andreas Steffen <andreas.steffen@strongswan.org>
Sun, 7 Oct 2012 15:07:35 +0000 (17:07 +0200)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Sun, 7 Oct 2012 15:07:35 +0000 (17:07 +0200)
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c

index 9b9777031f0baffdefd39c7a2fb70ca67beea4b8..eefb2eb485d2d17be898616ae69b677d07378bb0 100644 (file)
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -288,8 +288,11 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp)
                                                          " not supported", (int)dek.len, dek.ptr);
                                                 return NOT_SUPPORTED;
                                         }
-                                       eat_whitespace(&value);
-                                       iv = chunk_from_hex(value, iv.ptr);
+                                       if (!eat_whitespace(&value) || value.len > 2*sizeof(iv_buf))
+                                       {
+                                               return PARSE_ERROR;
+                                       }
+                                       iv = chunk_from_hex(value, iv_buf);
                                 }
                         }
                         else /* state is PEM_BODY */
author	Andreas Steffen <andreas.steffen@strongswan.org>
	Sun, 7 Oct 2012 15:07:35 +0000 (17:07 +0200)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Sun, 7 Oct 2012 15:07:35 +0000 (17:07 +0200)