From 9cf1f297f9860e92ca369b4431b611e831a10c7d Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 16 May 2018 15:50:16 +0200 Subject: [PATCH] ikev2: Initialize variable in case set_key() or allocate_bytes() fails In case the PRF's set_key() or allocate_bytes() method failed, skeyseed was not initialized and the chunk_clear() call later caused a crash. This could have happened with OpenSSL in FIPS mode when MD5 was negotiated (and test vectors were not checked, in which case the PRF couldn't be instantiated as the test vectors would have failed). MD5 is not included in the default proposal anymore since 5.6.1, so with recent versions this could only happen with configs that are not valid in FIPS mode anyway. Fixes: CVE-2018-10811 --- src/libcharon/sa/ikev2/keymat_v2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 4d0683f0a09b..ed98ca1f8d2f 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -259,8 +259,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t rekey_function, chunk_t rekey_skd) { - chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed; - chunk_t spi_i, spi_r; + chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce; + chunk_t prf_plus_seed, spi_i, spi_r; prf_plus_t *prf_plus = NULL; u_int16_t alg, key_size, int_alg; prf_t *rekey_prf = NULL; -- 2.7.4