From ef31254d342d23cfbeb1b0030c9c6293545fca9d Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 17 Apr 2015 16:16:45 +0200 Subject: [PATCH] iv-gen: Fail getting shorter IV values than the used counter size While no algorithm actually uses such short IVs, we add a check here to ensure we won't return just the lower bits of the counter. --- src/libstrongswan/crypto/iv/iv_gen_seq.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c index 70f1fce389..4de13744d9 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_seq.c +++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c @@ -53,6 +53,10 @@ METHOD(iv_gen_t, get_iv, bool, { return FALSE; } + if (size < sizeof(u_int64_t)) + { + return FALSE; + } if (this->prev != SEQ_IV_INIT_STATE && seq <= this->prev) { return FALSE; -- 2.47.2