summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch33
-rw-r--r--meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch26
-rw-r--r--meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch61
-rw-r--r--meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb8
4 files changed, 127 insertions, 1 deletions
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch
new file mode 100644
index 000000000..d5602c03d
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch
@@ -0,0 +1,33 @@
1From 738a9857be9c92ad2f70be88ccee238e3154a936 Mon Sep 17 00:00:00 2001
2From: Joe MacDonald <joe.macdonald@windriver.com>
3Date: Wed, 2 Oct 2013 14:20:37 -0400
4Subject: [PATCH] racoon/pfkey: avoid potential null-pointer dereference
5
6Building with -Werror=maybe-uninitialized revealed that 'remote' from
7pk_recvmigrate() could be used with uninitialized data in
8migrate_sp_ike_addresses(). Ensure it is always at a minimum assigned
9NULL.
10
11Upstream-Status: Pending
12
13Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
14---
15 src/racoon/pfkey.c | 2 +-
16 1 file changed, 1 insertion(+), 1 deletion(-)
17
18diff --git a/src/racoon/pfkey.c b/src/racoon/pfkey.c
19index d00b166..e0dc1db 100644
20--- a/src/racoon/pfkey.c
21+++ b/src/racoon/pfkey.c
22@@ -3352,7 +3352,7 @@ pk_recvmigrate(mhp)
23 struct sockaddr *old_saddr, *new_saddr;
24 struct sockaddr *old_daddr, *new_daddr;
25 struct sockaddr *old_local, *old_remote;
26- struct sockaddr *local, *remote;
27+ struct sockaddr *local, *remote = NULL;
28 struct sadb_x_kmaddress *kmaddr;
29 struct sadb_x_policy *xpl;
30 struct sadb_x_ipsecrequest *xisr_list;
31--
321.7.9.5
33
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch
new file mode 100644
index 000000000..e272bc20f
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch
@@ -0,0 +1,26 @@
1Subject: [PATCH] ipsec-tools: racoon: check several invalid ivm
2
3Upstream-Status: Pending
4
5Add checking for invalid ivm, or it will crash racoon.
6
7Signed-off-by: Ming Liu <ming.liu@windriver.com>
8---
9 isakmp_cfg.c | 5 +++++
10 1 file changed, 5 insertions(+)
11
12diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
13--- a/src/racoon/isakmp_cfg.c
14+++ b/src/racoon/isakmp_cfg.c
15@@ -171,6 +171,11 @@ isakmp_cfg_r(iph1, msg)
16 iph1->mode_cfg->last_msgid != packet->msgid )
17 iph1->mode_cfg->ivm =
18 isakmp_cfg_newiv(iph1, packet->msgid);
19+ if(iph1->mode_cfg->ivm == NULL) {
20+ plog(LLV_ERROR, LOCATION, NULL,
21+ "failed to create new IV\n");
22+ return;
23+ }
24 ivm = iph1->mode_cfg->ivm;
25
26 dmsg = oakley_do_decrypt(iph1, msg, ivm->iv, ivm->ive);
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch
new file mode 100644
index 000000000..de1bdb407
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch
@@ -0,0 +1,61 @@
1Subject: [PATCH] ipsec-tools: racoon: check several invalid pointers
2
3Upstream-Status: Pending
4
5Add checking for invalid pointers, or it will crash racoon.
6
7Signed-off-by: Ming Liu <ming.liu@windriver.com>
8---
9 ipsec_doi.c | 5 +++--
10 isakmp_cfg.c | 7 +++++++
11 isakmp_quick.c | 6 ++++--
12 3 files changed, 14 insertions(+), 4 deletions(-)
13
14diff -urpN a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c
15--- a/src/racoon/ipsec_doi.c
16+++ b/src/racoon/ipsec_doi.c
17@@ -3374,8 +3374,9 @@ ipsecdoi_chkcmpids( idt, ids, exact )
18
19 /* handle wildcard IDs */
20
21- if (idt == NULL || ids == NULL)
22- {
23+ if (idt == NULL || ids == NULL ||
24+ idt->v == NULL || idt->l == 0 ||
25+ ids->v == NULL || ids->l == 0) {
26 if( !exact )
27 {
28 plog(LLV_DEBUG, LOCATION, NULL,
29diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
30--- a/src/racoon/isakmp_cfg.c
31+++ b/src/racoon/isakmp_cfg.c
32@@ -1138,6 +1138,13 @@ isakmp_cfg_newiv(iph1, msgid)
33 return NULL;
34 }
35
36+ if (iph1->ivm == NULL || iph1->ivm->iv == NULL ||
37+ iph1->ivm->iv->v == NULL || iph1->ivm->iv->l == 0) {
38+ plog(LLV_ERROR, LOCATION, NULL,
39+ "isakmp_cfg_newiv called with invalid IV management\n");
40+ return NULL;
41+ }
42+
43 if (ics->ivm != NULL)
44 oakley_delivm(ics->ivm);
45
46diff -urpN a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c
47--- a/src/racoon/isakmp_quick.c
48+++ b/src/racoon/isakmp_quick.c
49@@ -2243,8 +2243,10 @@ get_proposal_r(iph2)
50 int error = ISAKMP_INTERNAL_ERROR;
51
52 /* check the existence of ID payload */
53- if ((iph2->id_p != NULL && iph2->id == NULL)
54- || (iph2->id_p == NULL && iph2->id != NULL)) {
55+ if ((iph2->id_p != NULL &&
56+ (iph2->id == NULL || iph2->id->v == NULL || iph2->id->l == 0)) ||
57+ (iph2->id != NULL &&
58+ (iph2->id_p == NULL || iph2->id_p->v == NULL || iph2->id_p->l == 0))) {
59 plog(LLV_ERROR, LOCATION, NULL,
60 "Both IDs wasn't found in payload.\n");
61 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
index 2e5c0a450..b27eb0f45 100644
--- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
@@ -11,6 +11,9 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
11 file://0001-Fix-warning-with-gcc-4.8.patch \ 11 file://0001-Fix-warning-with-gcc-4.8.patch \
12 file://0002-Don-t-link-against-libfl.patch \ 12 file://0002-Don-t-link-against-libfl.patch \
13 file://configure.patch \ 13 file://configure.patch \
14 file://0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch \
15 file://racoon-check-invalid-pointers.patch \
16 file://racoon-check-invalid-ivm.patch \
14 " 17 "
15SRC_URI[md5sum] = "d38b39f291ba2962387c3232e7335dd8" 18SRC_URI[md5sum] = "d38b39f291ba2962387c3232e7335dd8"
16SRC_URI[sha256sum] = "fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4" 19SRC_URI[sha256sum] = "fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4"
@@ -46,10 +49,13 @@ EXTRA_OECONF = "--with-kernel-headers=${STAGING_INCDIR} \
46 --with-readline \ 49 --with-readline \
47 --with-openssl=${STAGING_LIBDIR}/.. \ 50 --with-openssl=${STAGING_LIBDIR}/.. \
48 --without-libradius \ 51 --without-libradius \
49 --without-libpam \
50 --disable-security-context \ 52 --disable-security-context \
51 --enable-shared \ 53 --enable-shared \
52 ${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}" 54 ${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}"
53 55
54# See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527 56# See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527
55CFLAGS += "-fno-strict-aliasing" 57CFLAGS += "-fno-strict-aliasing"
58
59PACKAGECONFIG ??= ""
60PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,"
61PACKAGECONFIG[selinux] = "--enable-security-context,--disable-security-context,libselinux,"