From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Sun, 7 Oct 2012 15:07:35 +0000 (+0200)
Subject: check length of hex-encoded IV
X-Git-Tag: 5.0.2dr4~388
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7f5675c8e5a1131b7ac12c0724c374f4def9a0f7;p=thirdparty%2Fstrongswan.git

check length of hex-encoded IV
---

diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index 9b9777031f..eefb2eb485 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -288,8 +288,11 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp)
 							 " not supported", (int)dek.len, dek.ptr);
 						return NOT_SUPPORTED;
 					}
-					eat_whitespace(&value);
-					iv = chunk_from_hex(value, iv.ptr);
+					if (!eat_whitespace(&value) || value.len > 2*sizeof(iv_buf))
+					{
+						return PARSE_ERROR;
+					}
+					iv = chunk_from_hex(value, iv_buf);
 				}
 			}
 			else /* state is PEM_BODY */