ikev2: Use correct type to check for selected signature scheme
authorTobias Brunner <tobias@strongswan.org>
Tue, 6 Mar 2018 16:28:33 +0000 (17:28 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 21 Mar 2018 09:12:59 +0000 (10:12 +0100)
The previous code was obviously incorrect and caused strange side effects
depending on the compiler and its optimization flags (infinite looping seen
with GCC 4.8.4, segfault when destroying the private key in build() seen
with clang 4.0.0 on FreeBSD).

Fixes #2579.

src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c

index 65baf87..c6c4829 100644 (file)
@@ -164,7 +164,7 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
                        signature_scheme_t schemes[] = {
                                SIGN_RSA_EMSA_PKCS1_SHA2_384,
                                SIGN_RSA_EMSA_PKCS1_SHA2_256,
-                       }, contained;
+                       };
                        bool found;
                        int i, j;
 
@@ -174,8 +174,8 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
                                found = FALSE;
                                for (j = 0; j < array_count(selected); j++)
                                {
-                                       array_get(selected, j, &contained);
-                                       if (scheme == contained)
+                                       array_get(selected, j, &config);
+                                       if (scheme == config->scheme)
                                        {
                                                found = TRUE;
                                                break;
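Review bot: The call `array_get(selected, j, &config)` in the inner loop reuses `config`, which is declared outside this hunk, as scratch storage, and nothing near the call records what element type `selected` holds. The earlier mismatch evidently compiled without a diagnostic, which suggests array_get's out-parameter is untyped, so the same out-of-bounds stack write could return if the element type of `selected` ever changes. I would add a comment above the call, e.g. `/* selected stores pointers to the params struct; the out argument must be a pointer of that type */`. A loop-local pointer would also be safer than `config`, since a later read of `config` after this loop could then never see a stale array entry. The function body starts and ends outside the hunk, so whether `config` is still live at this point needs to be confirmed against the full file.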