ipsec-tools: Security Advisory - CVE-2015-4047

This fixed the CVE-2015-4047: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047 Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Conflicts: meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
author: Roy Li <rongqing.li@windriver.com> 2015-11-26 14:44:30 +0100
committer: Tudor Florea <tudor.florea@enea.com> 2015-11-26 22:20:55 +0100
commit: 2bcc373d5a9979c965e7350b8572ff257852b6d9 (patch)
tree: c561f2c28491a5dcdedc3ca39c7da8efe0c444ed
parent: 1219bf8a90a7bf8cd3a5363551ef635d51e8fc8e (diff)
download: meta-openembedded-2bcc373d5a9979c965e7350b8572ff257852b6d9.tar.gz
2 files changed, 37 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch
new file mode 100644
index 000000000..5286376ac
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch
@@ -0,0 +1,36 @@
+[PATCH] fix CVE-2015-4047
+Upstream-Status: Backport
+http://www.openwall.com/lists/oss-security/2015/05/20/1
+racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause
+a denial of service (NULL pointer dereference and IKE daemon crash) via
+a series of crafted UDP requests.
+https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ src/racoon/gssapi.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c
+index e64b201..1ad3b42 100644
+--- a/src/racoon/gssapi.c
+++ b/src/racoon/gssapi.c
+@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
+        gss_name_t princ, canon_princ;
+        OM_uint32 maj_stat, min_stat;
+ 
+       if (iph1->rmconf == NULL) {
+               plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
+               return -1;
+       }
+
+        gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
+        if (gps == NULL) {
+                plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
+-- 
+1.9.1
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
index 4653a9aba..0969af930 100644
--- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
@@ -17,6 +17,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
           file://racoon-check-invalid-ivm.patch \
           file://glibc-2.20.patch \
           file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \
+           file://fix-CVE-2015-4047.patch \
          "
 SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"
 SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"
author	Roy Li <rongqing.li@windriver.com>	2015-11-26 14:44:30 +0100
committer	Tudor Florea <tudor.florea@enea.com>	2015-11-26 22:20:55 +0100
commit	2bcc373d5a9979c965e7350b8572ff257852b6d9 (patch)
tree	c561f2c28491a5dcdedc3ca39c7da8efe0c444ed
parent	1219bf8a90a7bf8cd3a5363551ef635d51e8fc8e (diff)
download	meta-openembedded-2bcc373d5a9979c965e7350b8572ff257852b6d9.tar.gz

diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch new file mode 100644 index 000000000..5286376ac --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch
@@ -0,0 +1,36 @@
		1	[PATCH] fix CVE-2015-4047
		2
		3	Upstream-Status: Backport
		4
		5	http://www.openwall.com/lists/oss-security/2015/05/20/1
		6
		7	racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause
		8	a denial of service (NULL pointer dereference and IKE daemon crash) via
		9	a series of crafted UDP requests.
		10
		11	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
		12
		13	Signed-off-by: Roy Li <rongqing.li@windriver.com>
		14	---
		15	src/racoon/gssapi.c \| 5 +++++
		16	1 file changed, 5 insertions(+)
		17
		18	diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c
		19	index e64b201..1ad3b42 100644
		20	--- a/src/racoon/gssapi.c
		21	+++ b/src/racoon/gssapi.c
		22	@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
		23	gss_name_t princ, canon_princ;
		24	OM_uint32 maj_stat, min_stat;
		25
		26	+ if (iph1->rmconf == NULL) {
		27	+ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
		28	+ return -1;
		29	+ }
		30	+
		31	gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
		32	if (gps == NULL) {
		33	plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
		34	--
		35	1.9.1
		36


diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb index 4653a9aba..0969af930 100644 --- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
@@ -17,6 +17,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
17	file://racoon-check-invalid-ivm.patch \	17	file://racoon-check-invalid-ivm.patch \
18	file://glibc-2.20.patch \	18	file://glibc-2.20.patch \
19	file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \	19	file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \
		20	file://fix-CVE-2015-4047.patch \
20	"	21	"
21	SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"	22	SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"
22	SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"	23	SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"