identification: Properly check length before comparing for binary DN equality
authorMartin Willi <martin@revosec.ch>
Mon, 7 Oct 2013 12:21:57 +0000 (14:21 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 31 Oct 2013 20:57:07 +0000 (21:57 +0100)
Fixes CVE-2013-6075.

src/libstrongswan/utils/identification.c

index 5df3e5f..9c43ad5 100644 (file)
@@ -602,7 +602,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc)
                }
        }
        /* try a binary compare */
-       if (memeq(t_dn.ptr, o_dn.ptr, t_dn.len))
+       if (chunk_equals(t_dn, o_dn))
        {
                return TRUE;
        }
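Review bot: The comment above the changed call still reads only `/* try a binary compare */`, so nothing at the call site records why the length-aware helper is required. The removed line compared `t_dn.len` bytes without looking at `o_dn.len`, so a zero-length `t_dn` matched any DN and a longer `t_dn` made the compare read past the end of `o_dn`. I would extend the comment to `/* try a binary compare; lengths must match, a shared prefix is not equality */` so a later refactor does not reintroduce a bare `memeq()`. No test accompanies the change in the visible part of the commit; a unit test for the identity comparison covering an empty DN against a non-empty one, and a DN against a longer DN with the same prefix, would pin the fix. `compare_dn` begins and ends outside this hunk, so how the fallback path after the binary compare handles those inputs is not visible here.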