From 6d8a57342b604b4836816937e0cb659be4d0fec2 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 19 Mar 2018 17:03:05 +0100 Subject: [PATCH] ikev2: Initialize variable in case set_key() or allocate_bytes() fails In case the PRF's set_key() or allocate_bytes() method failed, skeyseed was not initialized and the chunk_clear() call later caused a crash. This could have happened with OpenSSL in FIPS mode when MD5 was negotiated (and test vectors were not checked, in which case the PRF couldn't be instantiated as the test vectors would have failed). MD5 is not included in the default proposal anymore since 5.6.1, so with recent versions this could only happen with configs that are not valid in FIPS mode anyway. Fixes: CVE-2018-10811 --- src/libcharon/sa/ikev2/keymat_v2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 49b1f77a58..f8b23b66e5 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -303,8 +303,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t rekey_function, chunk_t rekey_skd) { - chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed; - chunk_t spi_i, spi_r; + chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce; + chunk_t prf_plus_seed, spi_i, spi_r; prf_plus_t *prf_plus = NULL; uint16_t alg, key_size, int_alg; prf_t *rekey_prf = NULL; -- 2.47.2