From aa277adfc204b6bda2c3792710138f9a8723a8f1 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Mon, 7 Oct 2013 14:21:57 +0200
Subject: [PATCH] identification: Properly check length before comparing for binary DN equality

Fixes CVE-2013-6075.
---
 src/libstrongswan/utils/identification.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 5df3e5f..9c43ad5 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -602,7 +602,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc)
 }
 }
 /* try a binary compare */
- if (memeq(t_dn.ptr, o_dn.ptr, t_dn.len))
+ if (chunk_equals(t_dn, o_dn))
 {
 return TRUE;
 }
--
1.8.1.2
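Review bot: The comment above the changed condition still reads only `/* try a binary compare */`, so nothing at the call site records that the equal-length requirement is the security-relevant part of this check. The removed `memeq()` call compared just `t_dn.len` bytes, so a later refactor back to a raw memory compare would silently reintroduce the problem. I would reword the comment to `/* try a binary compare; lengths must match so a shorter or empty DN never matches as a prefix */`. The diffstat shows only identification.c changed, so no regression test ships with the fix; a unit test comparing DNs of unequal length, including an empty one, in both argument orders would pin the behaviour. compare_dn starts and continues outside this hunk, so whether the RDN-by-RDN path after this block also handles an empty or truncated DN cannot be confirmed from here.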