From b148517c6bf47fa2f0d049b1e9c446c1f14c501b Mon Sep 17 00:00:00 2001
From: ambiso
Date: Tue, 23 Oct 2018 23:20:17 +0200
Subject: [PATCH 1/3] openssl: Fix invalid keyid length check

Check was designed for base64 conversion, however a hex conversion is being performed, which requires more memory.
---
 src/libstrongswan/plugins/openssl/openssl_plugin.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 8b0a7c5c7..c9196804e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -405,7 +405,7 @@ static private_key_t *openssl_private_key_connect(key_type_t type,
 {
 snprintf(keyname, sizeof(keyname), "%d:", slot);
 }
- if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1)
+ if (sizeof(keyname) - strlen(keyname) <= keyid.len * 2 + 1)
 {
 return NULL;
 }

From b9e45b5b4a4c834d63080e79e3c6da44601e1684 Mon Sep 17 00:00:00 2001
From: ambiso
Date: Tue, 23 Oct 2018 23:20:17 +0200
Subject: [PATCH 2/3] openssl: Remove arbitrary keyid length check
---
 src/libstrongswan/plugins/openssl/openssl_plugin.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index c9196804e..5347daa08 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -395,7 +395,7 @@ static private_key_t *openssl_private_key_connect(key_type_t type,
 }
 break;
 }
- if (!keyid.len || keyid.len > 40)
+ if (!keyid.len)
 {
 return NULL;
 }

From 6b3dfe9c3818368db46dfb9e12e2ce26d9cc60e7 Mon Sep 17 00:00:00 2001
From: ambiso
Date: Tue, 23 Oct 2018 23:20:17 +0200
Subject: [PATCH 3/3] openssl: Remove extra semicolon
---
 src/libstrongswan/plugins/openssl/openssl_plugin.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
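Review bot: In the 1/3 hunk at `@@ -405`, the new bound `keyid.len * 2 + 1` carries no comment saying what it sizes, and once 2/3 drops the `keyid.len > 40` cap this comparison is the only thing keeping the hex-encoded key ID inside `keyname[BUF_LEN]`. I would add `/* hex encoding needs two characters per keyid byte plus the terminating NUL */` above the `if`. Assuming `keyid.len` is a `size_t`, the test can also be written without multiplying the caller-supplied length, `if (keyid.len >= (sizeof(keyname) - strlen(keyname)) / 2)`, which rejects exactly the same lengths and cannot wrap. The hex conversion itself and the rest of openssl_private_key_connect lie outside the hunk, so the write this check guards is inferred from the commit message.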
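Review bot: In the 2/3 hunk at `@@ -395`, removing `keyid.len > 40` is safe only because 1/3 corrected the remaining-space check further down, and the commit message has no body recording that dependency. With the old base64-sized estimate still in place, a key ID longer than 40 bytes could presumably pass that check and still overrun `keyname` during the hex conversion, so a backport that picks this commit alone would introduce an overflow. I would state the dependency in the commit message and add `/* no fixed cap: the length is bounded by the keyname space check below */` next to `if (!keyid.len)`. Where `keyid` is populated is outside the hunk, so whether its length is influenced by untrusted input cannot be judged from here.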
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 5347daa08..b0db9325f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -370,7 +370,7 @@ static private_key_t *openssl_private_key_connect(key_type_t type,
 #ifndef OPENSSL_NO_ENGINE
 char *engine_id = NULL;
 char keyname[BUF_LEN];
- chunk_t keyid = chunk_empty;;
+ chunk_t keyid = chunk_empty;
 EVP_PKEY *key;
 ENGINE *engine;
 int slot = -1;