diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2014-12-01 17:21:59 +0100 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-12-23 15:40:01 +0100 |
| commit | e13ef5c43416304f0e750af3bb87fd2fad3eee41 (patch) | |
| tree | b7a944e1fc76beccf45b3a9352675c0fc0726260 /src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c | |
| parent | 6683cf6a5ad0eeb359de80c56068532116a17f17 (diff) | |
| download | strongswan-e13ef5c43416304f0e750af3bb87fd2fad3eee41.tar.bz2 strongswan-e13ef5c43416304f0e750af3bb87fd2fad3eee41.tar.xz | |
crypto: Define MODP_CUSTOM outside of IKE DH range
Before this fix it was possible to crash charon with an IKE_SA_INIT
message containing a KE payload with DH group MODP_CUSTOM(1025).
Defining MODP_CUSTOM outside of the two byte IKE DH identifier range
prevents it from getting negotiated.
Fixes CVE-2014-9221.
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c')
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index b487d59a5..50853d6f0 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -40,7 +40,7 @@ struct private_openssl_ec_diffie_hellman_t { /** * Diffie Hellman group number. */ - u_int16_t group; + diffie_hellman_group_t group; /** * EC private (public) key |