CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected] 2017/10/30 03:53:27

Modified files:
        sbin/iked      : ca.c 

Log message:
In the subjectAltName comparison, the bzero before the while-loop was
lost while applying the diff.  This means sanid could be passed
uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release()
could try to release a pointer which is essentially stack garbage.
While there I realized that the bzero() in the loop is essentially
fatal, since every mismatch leads to a silent leak of ibufs.  Since
ca_x509_subjectaltname_cmp() releases and initializes the passed
iked_id, we can safely call it multiple times after initializing
sanid once before the loop.

ok markus@
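
The leak described in the log message, shown as an added example: a simplified model written for this page, not code from iked's ca.c. The names buf, id, san_cmp and scan_sans are hypothetical stand-ins for ibuf, iked_id and ca_x509_subjectaltname_cmp(); the model assumes the compare function releases the old buffer before storing a new one, as the message states.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for iked's ibuf and iked_id (not the real types). */
struct buf { char *data; };
struct id  { struct buf *buf; };

static int live_bufs;                 /* buffers allocated and not yet released */

static struct buf *buf_new(const char *s) {
    struct buf *b = malloc(sizeof(*b));
    if (b == NULL)
        return NULL;
    if ((b->data = malloc(strlen(s) + 1)) == NULL) {
        free(b);
        return NULL;
    }
    strcpy(b->data, s);
    live_bufs++;
    return b;
}

static void buf_release(struct buf *b) {
    if (b == NULL)
        return;
    free(b->data);
    free(b);
    live_bufs--;
}

/* Releases whatever 'out' holds, then stores the new name; 0 on match.
 * out->buf must be NULL or a valid pointer, never stack garbage. */
static int san_cmp(const char *san, const char *want, struct id *out) {
    buf_release(out->buf);
    if ((out->buf = buf_new(san)) == NULL)
        return -1;
    return strcmp(san, want) == 0 ? 0 : -1;
}

/* Scans the names and returns how many buffers were leaked.
 * zero_in_loop = 1 models the old per-iteration bzero(). */
int scan_sans(const char **sans, size_t n, const char *want, int zero_in_loop) {
    struct id sanid;
    size_t i;
    live_bufs = 0;
    memset(&sanid, 0, sizeof(sanid)); /* initialize once, before the loop */
    for (i = 0; i < n; i++) {
        if (zero_in_loop)             /* forgets the previous mismatch's buffer */
            memset(&sanid, 0, sizeof(sanid));
        if (san_cmp(sans[i], want, &sanid) == 0)
            break;
    }
    buf_release(sanid.buf);
    return live_bufs;
}
```

The pre-loop memset is kept in both variants because omitting it is undefined behaviour: san_cmp would call buf_release() on an indeterminate pointer.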
