diff options
4 files changed, 127 insertions, 1 deletions
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch new file mode 100644 index 000000000..d5602c03d --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From 738a9857be9c92ad2f70be88ccee238e3154a936 Mon Sep 17 00:00:00 2001 | ||
2 | From: Joe MacDonald <joe.macdonald@windriver.com> | ||
3 | Date: Wed, 2 Oct 2013 14:20:37 -0400 | ||
4 | Subject: [PATCH] racoon/pfkey: avoid potential null-pointer dereference | ||
5 | |||
6 | Building with -Werror=maybe-uninitialized revealed that 'remote' from | ||
7 | pk_recvmigrate() could be used with uninitialized data in | ||
8 | migrate_sp_ike_addresses(). Ensure it is always at a minimum assigned | ||
9 | NULL. | ||
10 | |||
11 | Upstream-Status: Pending | ||
12 | |||
13 | Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com> | ||
14 | --- | ||
15 | src/racoon/pfkey.c | 2 +- | ||
16 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
17 | |||
18 | diff --git a/src/racoon/pfkey.c b/src/racoon/pfkey.c | ||
19 | index d00b166..e0dc1db 100644 | ||
20 | --- a/src/racoon/pfkey.c | ||
21 | +++ b/src/racoon/pfkey.c | ||
22 | @@ -3352,7 +3352,7 @@ pk_recvmigrate(mhp) | ||
23 | struct sockaddr *old_saddr, *new_saddr; | ||
24 | struct sockaddr *old_daddr, *new_daddr; | ||
25 | struct sockaddr *old_local, *old_remote; | ||
26 | - struct sockaddr *local, *remote; | ||
27 | + struct sockaddr *local, *remote = NULL; | ||
28 | struct sadb_x_kmaddress *kmaddr; | ||
29 | struct sadb_x_policy *xpl; | ||
30 | struct sadb_x_ipsecrequest *xisr_list; | ||
31 | -- | ||
32 | 1.7.9.5 | ||
33 | |||
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch new file mode 100644 index 000000000..e272bc20f --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch | |||
@@ -0,0 +1,26 @@ | |||
1 | Subject: [PATCH] ipsec-tools: racoon: check several invalid ivm | ||
2 | |||
3 | Upstream-Status: Pending | ||
4 | |||
5 | Add checking for invalid ivm, or it will crash racoon. | ||
6 | |||
7 | Signed-off-by: Ming Liu <ming.liu@windriver.com> | ||
8 | --- | ||
9 | isakmp_cfg.c | 5 +++++ | ||
10 | 1 file changed, 5 insertions(+) | ||
11 | |||
12 | diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c | ||
13 | --- a/src/racoon/isakmp_cfg.c | ||
14 | +++ b/src/racoon/isakmp_cfg.c | ||
15 | @@ -171,6 +171,11 @@ isakmp_cfg_r(iph1, msg) | ||
16 | iph1->mode_cfg->last_msgid != packet->msgid ) | ||
17 | iph1->mode_cfg->ivm = | ||
18 | isakmp_cfg_newiv(iph1, packet->msgid); | ||
19 | + if(iph1->mode_cfg->ivm == NULL) { | ||
20 | + plog(LLV_ERROR, LOCATION, NULL, | ||
21 | + "failed to create new IV\n"); | ||
22 | + return; | ||
23 | + } | ||
24 | ivm = iph1->mode_cfg->ivm; | ||
25 | |||
26 | dmsg = oakley_do_decrypt(iph1, msg, ivm->iv, ivm->ive); | ||
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch new file mode 100644 index 000000000..de1bdb407 --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | Subject: [PATCH] ipsec-tools: racoon: check several invalid pointers | ||
2 | |||
3 | Upstream-Status: Pending | ||
4 | |||
5 | Add checking for invalid pointers, or it will crash racoon. | ||
6 | |||
7 | Signed-off-by: Ming Liu <ming.liu@windriver.com> | ||
8 | --- | ||
9 | ipsec_doi.c | 5 +++-- | ||
10 | isakmp_cfg.c | 7 +++++++ | ||
11 | isakmp_quick.c | 6 ++++-- | ||
12 | 3 files changed, 14 insertions(+), 4 deletions(-) | ||
13 | |||
14 | diff -urpN a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c | ||
15 | --- a/src/racoon/ipsec_doi.c | ||
16 | +++ b/src/racoon/ipsec_doi.c | ||
17 | @@ -3374,8 +3374,9 @@ ipsecdoi_chkcmpids( idt, ids, exact ) | ||
18 | |||
19 | /* handle wildcard IDs */ | ||
20 | |||
21 | - if (idt == NULL || ids == NULL) | ||
22 | - { | ||
23 | + if (idt == NULL || ids == NULL || | ||
24 | + idt->v == NULL || idt->l == 0 || | ||
25 | + ids->v == NULL || ids->l == 0) { | ||
26 | if( !exact ) | ||
27 | { | ||
28 | plog(LLV_DEBUG, LOCATION, NULL, | ||
29 | diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c | ||
30 | --- a/src/racoon/isakmp_cfg.c | ||
31 | +++ b/src/racoon/isakmp_cfg.c | ||
32 | @@ -1138,6 +1138,13 @@ isakmp_cfg_newiv(iph1, msgid) | ||
33 | return NULL; | ||
34 | } | ||
35 | |||
36 | + if (iph1->ivm == NULL || iph1->ivm->iv == NULL || | ||
37 | + iph1->ivm->iv->v == NULL || iph1->ivm->iv->l == 0) { | ||
38 | + plog(LLV_ERROR, LOCATION, NULL, | ||
39 | + "isakmp_cfg_newiv called with invalid IV management\n"); | ||
40 | + return NULL; | ||
41 | + } | ||
42 | + | ||
43 | if (ics->ivm != NULL) | ||
44 | oakley_delivm(ics->ivm); | ||
45 | |||
46 | diff -urpN a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c | ||
47 | --- a/src/racoon/isakmp_quick.c | ||
48 | +++ b/src/racoon/isakmp_quick.c | ||
49 | @@ -2243,8 +2243,10 @@ get_proposal_r(iph2) | ||
50 | int error = ISAKMP_INTERNAL_ERROR; | ||
51 | |||
52 | /* check the existence of ID payload */ | ||
53 | - if ((iph2->id_p != NULL && iph2->id == NULL) | ||
54 | - || (iph2->id_p == NULL && iph2->id != NULL)) { | ||
55 | + if ((iph2->id_p != NULL && | ||
56 | + (iph2->id == NULL || iph2->id->v == NULL || iph2->id->l == 0)) || | ||
57 | + (iph2->id != NULL && | ||
58 | + (iph2->id_p == NULL || iph2->id_p->v == NULL || iph2->id_p->l == 0))) { | ||
59 | plog(LLV_ERROR, LOCATION, NULL, | ||
60 | "Both IDs wasn't found in payload.\n"); | ||
61 | return ISAKMP_NTYPE_INVALID_ID_INFORMATION; | ||
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb index 2e5c0a450..b27eb0f45 100644 --- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb | |||
@@ -11,6 +11,9 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV | |||
11 | file://0001-Fix-warning-with-gcc-4.8.patch \ | 11 | file://0001-Fix-warning-with-gcc-4.8.patch \ |
12 | file://0002-Don-t-link-against-libfl.patch \ | 12 | file://0002-Don-t-link-against-libfl.patch \ |
13 | file://configure.patch \ | 13 | file://configure.patch \ |
14 | file://0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch \ | ||
15 | file://racoon-check-invalid-pointers.patch \ | ||
16 | file://racoon-check-invalid-ivm.patch \ | ||
14 | " | 17 | " |
15 | SRC_URI[md5sum] = "d38b39f291ba2962387c3232e7335dd8" | 18 | SRC_URI[md5sum] = "d38b39f291ba2962387c3232e7335dd8" |
16 | SRC_URI[sha256sum] = "fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4" | 19 | SRC_URI[sha256sum] = "fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4" |
@@ -46,10 +49,13 @@ EXTRA_OECONF = "--with-kernel-headers=${STAGING_INCDIR} \ | |||
46 | --with-readline \ | 49 | --with-readline \ |
47 | --with-openssl=${STAGING_LIBDIR}/.. \ | 50 | --with-openssl=${STAGING_LIBDIR}/.. \ |
48 | --without-libradius \ | 51 | --without-libradius \ |
49 | --without-libpam \ | ||
50 | --disable-security-context \ | 52 | --disable-security-context \ |
51 | --enable-shared \ | 53 | --enable-shared \ |
52 | ${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}" | 54 | ${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}" |
53 | 55 | ||
54 | # See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527 | 56 | # See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527 |
55 | CFLAGS += "-fno-strict-aliasing" | 57 | CFLAGS += "-fno-strict-aliasing" |
58 | |||
59 | PACKAGECONFIG ??= "" | ||
60 | PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam," | ||
61 | PACKAGECONFIG[selinux] = "--enable-security-context,--disable-security-context,libselinux," | ||