Fix null pointer dereferencing on KeyUpdate messages

ryru / strongswan

strongSwan - IPsec-based VPN

https://www.strongswan.org

Other

0 stars 1 forks source link

Fix null pointer dereferencing on KeyUpdate messages #34

Closed ryru closed 3 years ago

ryru commented 3 years ago

AEAD ownership was moved to the protection layer but KeyUpdate still depended on a local reference.

Fixes: c7066402 (“tls-crypto: Move AEAD ownership to the protection layer”)

tobiasbrunner commented 3 years ago

Good catch. I'm not sure about the fix, though. I think it would be easier to not change derive_labeled_keys() and just copy these lines to update_app_keys():

suite_algs_t *algs;

algs = find_suite(this->suite);
destroy_aeads(this);
if (!create_aead(this, algs))
{
    return FALSE;
}

You could squash that into "tls-crypto: Move AEAD ownership to the protection layer".

ryru commented 3 years ago

Thank's for the feedback!