blob: d50616a60c263d7db525058d3d3636cca5c36405 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
From aa277adfc204b6bda2c3792710138f9a8723a8f1 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Mon, 7 Oct 2013 14:21:57 +0200
Subject: [PATCH] identification: Properly check length before comparing for
binary DN equality
Fixes CVE-2013-6075.
---
src/libstrongswan/utils/identification.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 5df3e5f..9c43ad5 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -602,7 +602,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc)
}
}
/* try a binary compare */
- if (memeq(t_dn.ptr, o_dn.ptr, t_dn.len))
+ if (chunk_equals(t_dn, o_dn))
{
return TRUE;
}
--
1.8.1.2
|
