charon-tkm: Validate DH public key to fix potential buffer overflow

Seems this was forgotten in the referenced commit and actually could lead
to a buffer overflow.  Since charon-tkm is untrusted this isn't that
much of an issue but could at least be easily exploited for a DoS attack
as DH public values are set when handling IKE_SA_INIT requests.

Fixes: 0356089 ("diffie-hellman: Verify public DH values in backends")
Fixes: CVE-2023-41913

Author: tobiasbrunner

src/charon-tkm/src/tkm/tkm_diffie_hellman.c

@@ -70,11 +70,16 @@ METHOD(key_exchange_t, get_shared_secret, bool,
 	return TRUE;
 }
 
-
 METHOD(key_exchange_t, set_public_key, bool,
 	private_tkm_diffie_hellman_t *this, chunk_t value)
 {
 	dh_pubvalue_type othervalue;
+
+	if (!key_exchange_verify_pubkey(this->group, value) ||
+		value.len > sizeof(othervalue.data))
+	{
+		return FALSE;
+	}
 	othervalue.size = value.len;
 	memcpy(&othervalue.data, value.ptr, value.len);