charon-tkm: Validate DH public key to fix potential buffer overflow
Seems this was forgotten in the referenced commit and actually could lead
to a buffer overflow.  Since charon-tkm is untrusted this isn't that
much of an issue but could at least be easily exploited for a DoS attack
as DH public values are set when handling IKE_SA_INIT requests.

Fixes: 0356089 ("diffie-hellman: Verify public DH values in backends")
Fixes: CVE-2023-41913
tobiasbrunner authored and ferasbi committed Feb 22, 2024
1 parent 3b20264 commit 7cb9bfd
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/charon-tkm/src/tkm/tkm_diffie_hellman.c
Expand Up @@ -70,11 +70,16 @@ METHOD(key_exchange_t, get_shared_secret, bool,
return TRUE;
}


METHOD(key_exchange_t, set_public_key, bool,
private_tkm_diffie_hellman_t *this, chunk_t value)
{
dh_pubvalue_type othervalue;

if (!key_exchange_verify_pubkey(this->group, value) ||
value.len > sizeof(othervalue.data))
{
return FALSE;
}
othervalue.size = value.len;
memcpy(&othervalue.data, value.ptr, value.len);
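
Review bot: The `value.len > sizeof(othervalue.data)` comparison in set_public_key is the bound that protects the memcpy() into othervalue.data, yet nothing in the hunk explains why it sits next to key_exchange_verify_pubkey(this->group, value). A one-line comment above the condition, saying that the second test guards the fixed-size dh_pubvalue_type buffer regardless of what the group check accepts, would stop a later cleanup from dropping it as redundant. The commit touches only this one file, so the fix also ships without a regression test; a unit test that passes an oversized chunk_t to set_public_key and expects FALSE would pin the behaviour the commit message describes for IKE_SA_INIT handling.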
