| From aa277adfc204b6bda2c3792710138f9a8723a8f1 Mon Sep 17 00:00:00 2001 |
| From: Martin Willi <martin@revosec.ch> |
| Date: Mon, 7 Oct 2013 14:21:57 +0200 |
| Subject: [PATCH] identification: Properly check length before comparing for |
| binary DN equality |
| |
| Fixes CVE-2013-6075. |
| --- |
| src/libstrongswan/utils/identification.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c |
| index 5df3e5f..9c43ad5 100644 |
| --- a/src/libstrongswan/utils/identification.c |
| +++ b/src/libstrongswan/utils/identification.c |
| @@ -602,7 +602,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc) |
| } |
| } |
| /* try a binary compare */ |
| - if (memeq(t_dn.ptr, o_dn.ptr, t_dn.len)) |
| + if (chunk_equals(t_dn, o_dn)) |
| { |
| return TRUE; |
| } |
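Review bot: The switch to `chunk_equals(t_dn, o_dn)` lands without a regression test (the diffstat lists only identification.c), so nothing pins the rule that two DNs of different length must never match on the binary fast path. A unit test that compares two DN identities whose encodings differ in length, in both argument orders, and expects no match would cover it. The comment above the call could also record why the helper is used, e.g. `/* try a binary compare; chunk_equals() requires equal lengths before memeq() */`. If chunk_equals() returns FALSE for a chunk with a NULL pointer, as I believe it does, two empty DNs no longer match here and fall through to code after the hunk, so confirm that path tolerates zero-length input. compare_dn begins and ends outside this hunk.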
| -- |
| 1.8.1.2 |
| |