Commit 4da84019cc for strongswan.org

commit 4da84019ccec87fea161797af2901244fa5f170e
Author: Tobias Brunner <tobias@strongswan.org>
Date:   Wed Mar 25 10:28:45 2026 +0100

    pkcs5: Avoid NULL pointer dereference when verifying padding

    Can be triggered via empty PKCS#7 encrypted content in IKEv1 CERT payload.

    Fixes: 4076e3ee9121 ("Extract PKCS#5 handling from pkcs8 plugin to separate helper class")
    Fixes: CVE-2026-35329

diff --git a/src/libstrongswan/crypto/pkcs5.c b/src/libstrongswan/crypto/pkcs5.c
index e48a9ad9d4..4851d3f969 100644
--- a/src/libstrongswan/crypto/pkcs5.c
+++ b/src/libstrongswan/crypto/pkcs5.c
@@ -113,6 +113,11 @@ static bool verify_padding(crypter_t *crypter, chunk_t *blob)
 {
 	uint8_t padding, count;

+	if (!blob->len)
+	{
+		return FALSE;
+	}
+
 	padding = count = blob->ptr[blob->len - 1];

 	if (padding > crypter->get_block_size(crypter))