diff options
author | Tudor Florea <tudor.florea@enea.com> | 2015-10-08 22:51:41 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-10-08 22:51:41 +0200 |
commit | 1219bf8a90a7bf8cd3a5363551ef635d51e8fc8e (patch) | |
tree | a21a5fc103bb3bd65ecd85ed22be5228fc54e447 /meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch | |
download | meta-openembedded-1219bf8a90a7bf8cd3a5363551ef635d51e8fc8e.tar.gz |
initial commit for Enea Linux 5.0 arm
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch')
-rw-r--r-- | meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch new file mode 100644 index 000000000..de1bdb407 --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | Subject: [PATCH] ipsec-tools: racoon: check several invalid pointers | ||
2 | |||
3 | Upstream-Status: Pending | ||
4 | |||
5 | Add checking for invalid pointers, or it will crash racoon. | ||
6 | |||
7 | Signed-off-by: Ming Liu <ming.liu@windriver.com> | ||
8 | --- | ||
9 | ipsec_doi.c | 5 +++-- | ||
10 | isakmp_cfg.c | 7 +++++++ | ||
11 | isakmp_quick.c | 6 ++++-- | ||
12 | 3 files changed, 14 insertions(+), 4 deletions(-) | ||
13 | |||
14 | diff -urpN a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c | ||
15 | --- a/src/racoon/ipsec_doi.c | ||
16 | +++ b/src/racoon/ipsec_doi.c | ||
17 | @@ -3374,8 +3374,9 @@ ipsecdoi_chkcmpids( idt, ids, exact ) | ||
18 | |||
19 | /* handle wildcard IDs */ | ||
20 | |||
21 | - if (idt == NULL || ids == NULL) | ||
22 | - { | ||
23 | + if (idt == NULL || ids == NULL || | ||
24 | + idt->v == NULL || idt->l == 0 || | ||
25 | + ids->v == NULL || ids->l == 0) { | ||
26 | if( !exact ) | ||
27 | { | ||
28 | plog(LLV_DEBUG, LOCATION, NULL, | ||
29 | diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c | ||
30 | --- a/src/racoon/isakmp_cfg.c | ||
31 | +++ b/src/racoon/isakmp_cfg.c | ||
32 | @@ -1138,6 +1138,13 @@ isakmp_cfg_newiv(iph1, msgid) | ||
33 | return NULL; | ||
34 | } | ||
35 | |||
36 | + if (iph1->ivm == NULL || iph1->ivm->iv == NULL || | ||
37 | + iph1->ivm->iv->v == NULL || iph1->ivm->iv->l == 0) { | ||
38 | + plog(LLV_ERROR, LOCATION, NULL, | ||
39 | + "isakmp_cfg_newiv called with invalid IV management\n"); | ||
40 | + return NULL; | ||
41 | + } | ||
42 | + | ||
43 | if (ics->ivm != NULL) | ||
44 | oakley_delivm(ics->ivm); | ||
45 | |||
46 | diff -urpN a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c | ||
47 | --- a/src/racoon/isakmp_quick.c | ||
48 | +++ b/src/racoon/isakmp_quick.c | ||
49 | @@ -2243,8 +2243,10 @@ get_proposal_r(iph2) | ||
50 | int error = ISAKMP_INTERNAL_ERROR; | ||
51 | |||
52 | /* check the existence of ID payload */ | ||
53 | - if ((iph2->id_p != NULL && iph2->id == NULL) | ||
54 | - || (iph2->id_p == NULL && iph2->id != NULL)) { | ||
55 | + if ((iph2->id_p != NULL && | ||
56 | + (iph2->id == NULL || iph2->id->v == NULL || iph2->id->l == 0)) || | ||
57 | + (iph2->id != NULL && | ||
58 | + (iph2->id_p == NULL || iph2->id_p->v == NULL || iph2->id_p->l == 0))) { | ||
59 | plog(LLV_ERROR, LOCATION, NULL, | ||
60 | "Both IDs wasn't found in payload.\n"); | ||
61 | return ISAKMP_NTYPE_INVALID_ID_INFORMATION; | ||