diff options
author | Yue Tao <Yue.Tao@windriver.com> | 2014-07-28 04:17:05 -0400 |
---|---|---|
committer | Joe MacDonald <joe_macdonald@mentor.com> | 2014-08-05 16:23:58 -0400 |
commit | 18bea207810b73828451a60f2d647c91f83d1883 (patch) | |
tree | afb8e9b6333fdc324f100d094d209e3dbe21588d /meta-networking/recipes-support/strongswan | |
parent | 7d9440a1e7bdf69403c55d1d21c7d1db1f07969e (diff) | |
download | meta-openembedded-18bea207810b73828451a60f2d647c91f83d1883.tar.gz |
strongswan: Security Advisory - strongswan - CVE-2014-2891
strongSwan before 5.1.2 allows remote attackers to cause a denial of
service (NULL pointer dereference and IKE daemon crash) via a crafted
ID_DER_ASN1_DN ID payload.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2891
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-networking/recipes-support/strongswan')
-rw-r--r-- | meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch | 28 | ||||
-rw-r--r-- | meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb | 1 |
2 files changed, 29 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch b/meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch new file mode 100644 index 000000000..374f2cfe6 --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | strongswan: asn1: Properly check length in asn1_unwrap() | ||
2 | |||
3 | Fixes CVE-2014-2891 in strongSwan releases 4.3.3-5.1.1. | ||
4 | |||
5 | Upstream-Status: Pending | ||
6 | |||
7 | Signed-off-by: Yue Tao <yue.tao@windriver.com> | ||
8 | |||
9 | --- | ||
10 | src/libstrongswan/asn1/asn1.c | 2 +- | ||
11 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
12 | |||
13 | diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c | ||
14 | index d860ad9..9a5f5c5 100644 | ||
15 | --- a/src/libstrongswan/asn1/asn1.c | ||
16 | +++ b/src/libstrongswan/asn1/asn1.c | ||
17 | @@ -296,7 +296,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner) | ||
18 | else | ||
19 | { /* composite length, determine number of length octets */ | ||
20 | len &= 0x7f; | ||
21 | - if (len == 0 || len > sizeof(res.len)) | ||
22 | + if (len == 0 || len > blob->len || len > sizeof(res.len)) | ||
23 | { | ||
24 | return ASN1_INVALID; | ||
25 | } | ||
26 | -- | ||
27 | 1.7.10.4 | ||
28 | |||
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb b/meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb index 821d965ea..cfa9abccc 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb | |||
@@ -10,6 +10,7 @@ DEPENDS = "gmp openssl flex-native flex bison-native" | |||
10 | SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ | 10 | SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ |
11 | file://fix-funtion-parameter.patch \ | 11 | file://fix-funtion-parameter.patch \ |
12 | file://strongswan-5.0.0-5.1.2_reject_child_sa.patch \ | 12 | file://strongswan-5.0.0-5.1.2_reject_child_sa.patch \ |
13 | file://strongswan-4.3.3-5.1.1_asn1_unwrap.patch \ | ||
13 | " | 14 | " |
14 | 15 | ||
15 | SRC_URI[md5sum] = "e3af3d493d22286be3cd794533a8966a" | 16 | SRC_URI[md5sum] = "e3af3d493d22286be3cd794533a8966a" |