ipsec spi number not initialized

Bug #607484 reported by René Hummen
This bug affects 1 person
Affects: HIPL
Status: Invalid
Importance: Undecided
Assigned to: Artturi Karila
Milestone: (none)

Bug Description

IPsec SAs are set up with uninitialized spi values. It seems uninitialized uint32_t variables are used to provide randomness. This might be exploitable and should be replaced by a call to openssl random number generators.

visibility: private → public
Miika Komu (miika-iki)
Changed in hipl:
assignee: nobody → Artturi Karila (artturi-karila)
Miika Komu (miika-iki) wrote :

For base exchange, hip_hadb_init_entry() initializes inbound spi using get_random_bytes(). Outbound SPI is received from the peer. Are you referring to UPDATE? Can you be more specific, thanks.

René Hummen (rene-hummen) wrote :

hip_hadb_init_entry() was the crucial link that I overlooked. It's all good.

Changed in hipl:
status: New → Invalid
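
Added example, not HIPL code and not part of the thread: one way to make sure an inbound SPI is always drawn from the OS random source before an SA is set up, and is never left as whatever an uninitialized uint32_t happens to hold. The function names, the Linux getrandom() call, the retry limit and the RFC 4303 reserved-range check (0 to 255) are assumptions that go beyond what the report discusses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/random.h>   /* getrandom(); Linux with glibc >= 2.25 assumed */

#define SPI_RESERVED_MAX 255u   /* RFC 4303: 0 is local use, 1..255 reserved */

/* Hypothetical helper: 1 if spi already belongs to an existing inbound SA. */
static int spi_in_use(uint32_t spi, const uint32_t *used, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (used[i] == spi)
            return 1;
    return 0;
}

/* Hypothetical helper: returns 0 and writes *spi on success, -1 on failure.
 * *spi is written only on success, so the caller must check the result. */
int new_inbound_spi(uint32_t *spi, const uint32_t *used, size_t n)
{
    uint32_t candidate;

    for (int attempt = 0; attempt < 16; attempt++) {
        ssize_t got = getrandom(&candidate, sizeof(candidate), 0);
        if (got != (ssize_t)sizeof(candidate))
            return -1;                 /* fail closed, no weaker fallback */
        if (candidate <= SPI_RESERVED_MAX)
            continue;                  /* reserved range, draw again */
        if (spi_in_use(candidate, used, n))
            continue;                  /* collides with an existing SA */
        *spi = candidate;
        return 0;
    }
    return -1;
}

int main(void)
{
    const uint32_t used[] = { 0x1000u, 0x2000u };  /* constructed sample SPIs */
    uint32_t spi;
    if (new_inbound_spi(&spi, used, 2) != 0) {
        fprintf(stderr, "no SPI available, refusing to set up SA\n");
        return 1;
    }
    printf("inbound SPI: 0x%08x\n", spi);
    return 0;
}
```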
This report contains Public Security information  
Everyone can see this security related information.
