[PATCH] fix CVE-2015-4047

Upstream-Status: Backport

http://www.openwall.com/lists/oss-security/2015/05/20/1

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause
a denial of service (NULL pointer dereference and IKE daemon crash) via
a series of crafted UDP requests.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047

Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
 src/racoon/gssapi.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c
index e64b201..1ad3b42 100644
--- a/src/racoon/gssapi.c
+++ b/src/racoon/gssapi.c
@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
 	gss_name_t princ, canon_princ;
 	OM_uint32 maj_stat, min_stat;
 
+	if (iph1->rmconf == NULL) {
+	        plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
+	        return -1;
+	}
+
 	gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
 	if (gps == NULL) {
 		plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
-- 
1.9.1