← Back to team overview

hipl-core team mailing list archive

[Bug 607484] Re: ipsec spi number not initialized


hip_hadb_init_entry() was the crucial link that I overlooked. It's all

** Changed in: hipl
       Status: New => Invalid

ipsec spi number not initialized
You received this bug notification because you are a member of HIPL core
team, which is subscribed to HIPL.

Status in Host Identity Protocol for Linux: Invalid

Bug description:
IPsec SAs are set up with uninitialized spi values. It seems uninitialized uint32_t variables are used to provide randomness. This might be exploitable and should be replace by a call to openssl random number generators.