summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-support
diff options
context:
space:
mode:
authorYue Tao <Yue.Tao@windriver.com>2014-07-28 04:17:05 -0400
committerJoe MacDonald <joe_macdonald@mentor.com>2014-08-05 16:23:58 -0400
commit18bea207810b73828451a60f2d647c91f83d1883 (patch)
treeafb8e9b6333fdc324f100d094d209e3dbe21588d /meta-networking/recipes-support
parent7d9440a1e7bdf69403c55d1d21c7d1db1f07969e (diff)
downloadmeta-openembedded-18bea207810b73828451a60f2d647c91f83d1883.tar.gz
strongswan: Security Advisory - strongswan - CVE-2014-2891
strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2891 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-networking/recipes-support')
-rw-r--r--meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch28
-rw-r--r--meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb1
2 files changed, 29 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch b/meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch
new file mode 100644
index 000000000..374f2cfe6
--- /dev/null
+++ b/meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch
@@ -0,0 +1,28 @@
1strongswan: asn1: Properly check length in asn1_unwrap()
2
3Fixes CVE-2014-2891 in strongSwan releases 4.3.3-5.1.1.
4
5Upstream-Status: Pending
6
7Signed-off-by: Yue Tao <yue.tao@windriver.com>
8
9---
10 src/libstrongswan/asn1/asn1.c | 2 +-
11 1 file changed, 1 insertion(+), 1 deletion(-)
12
13diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
14index d860ad9..9a5f5c5 100644
15--- a/src/libstrongswan/asn1/asn1.c
16+++ b/src/libstrongswan/asn1/asn1.c
17@@ -296,7 +296,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner)
18 else
19 { /* composite length, determine number of length octets */
20 len &= 0x7f;
21- if (len == 0 || len > sizeof(res.len))
22+ if (len == 0 || len > blob->len || len > sizeof(res.len))
23 {
24 return ASN1_INVALID;
25 }
26--
271.7.10.4
28
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb b/meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb
index 821d965ea..cfa9abccc 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb
@@ -10,6 +10,7 @@ DEPENDS = "gmp openssl flex-native flex bison-native"
10SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ 10SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
11 file://fix-funtion-parameter.patch \ 11 file://fix-funtion-parameter.patch \
12 file://strongswan-5.0.0-5.1.2_reject_child_sa.patch \ 12 file://strongswan-5.0.0-5.1.2_reject_child_sa.patch \
13 file://strongswan-4.3.3-5.1.1_asn1_unwrap.patch \
13" 14"
14 15
15SRC_URI[md5sum] = "e3af3d493d22286be3cd794533a8966a" 16SRC_URI[md5sum] = "e3af3d493d22286be3cd794533a8966a"