From: Martin Willi <martin@revosec.ch>
Date: Mon, 7 Oct 2013 12:21:57 +0000 (+0200)
Subject: identification: Properly check length before comparing for binary DN equality
X-Git-Tag: 5.1.1~2
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=7f4a13fffb3ed5d6304441799e71e991f6a37efc;p=thirdparty%2Fstrongswan.git

identification: Properly check length before comparing for binary DN equality

Fixes CVE-2013-6075.
---

diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 5df3e5fe29..9c43ad5708 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -602,7 +602,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc)
 		}
 	}
 	/* try a binary compare */
-	if (memeq(t_dn.ptr, o_dn.ptr, t_dn.len))
+	if (chunk_equals(t_dn, o_dn))
 	{
 		return TRUE;
 	}