forked from pool/strongswan
This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
ed54a2e985
commit
18ed32232d
24
strongswan-4.x.x._swapped_ts_check.patch
Normal file
24
strongswan-4.x.x._swapped_ts_check.patch
Normal file
@ -0,0 +1,24 @@
|
||||
commit 0a3ca29021ffe389ae4f7400ee05f42dcf384d6b
|
||||
Author: Martin Willi <martin@strongswan.org>
|
||||
Date: Tue May 12 17:13:09 2009 +0200
|
||||
|
||||
fixed cleanup of traffic selector lists
|
||||
|
||||
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c
|
||||
index 382266f..6bf9e9d 100644
|
||||
--- a/src/charon/sa/tasks/child_create.c
|
||||
+++ b/src/charon/sa/tasks/child_create.c
|
||||
@@ -1126,11 +1126,11 @@ static void destroy(private_child_create_t *this)
|
||||
{
|
||||
chunk_free(&this->my_nonce);
|
||||
chunk_free(&this->other_nonce);
|
||||
- if (this->tsi)
|
||||
+ if (this->tsr)
|
||||
{
|
||||
this->tsr->destroy_offset(this->tsr, offsetof(traffic_selector_t, destroy));
|
||||
}
|
||||
- if (this->tsr)
|
||||
+ if (this->tsi)
|
||||
{
|
||||
this->tsi->destroy_offset(this->tsi, offsetof(traffic_selector_t, destroy));
|
||||
}
|
||||
22
strongswan-4.x.x_invalid_ike_state.patch
Normal file
22
strongswan-4.x.x_invalid_ike_state.patch
Normal file
@ -0,0 +1,22 @@
|
||||
commit a627e31f463367d83be5814aff8ddbceb725f4ed
|
||||
Author: Martin Willi <martin@strongswan.org>
|
||||
Date: Thu May 7 15:53:45 2009 +0200
|
||||
|
||||
properly delete IKE_SA if IKE_SA_INIT processing failed
|
||||
|
||||
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
|
||||
index b8e8213..126011e 100644
|
||||
--- a/src/charon/sa/ike_sa.c
|
||||
+++ b/src/charon/sa/ike_sa.c
|
||||
@@ -1424,6 +1424,11 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
|
||||
exchange_type_names, message->get_exchange_type(message),
|
||||
message->get_request(message) ? "request" : "response",
|
||||
message->get_message_id(message));
|
||||
+
|
||||
+ if (this->state == IKE_CREATED)
|
||||
+ { /* invalid initiation attempt, close SA */
|
||||
+ return DESTROY_ME;
|
||||
+ }
|
||||
return status;
|
||||
}
|
||||
else
|
||||
@ -1,3 +1,17 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 2 09:56:16 CEST 2009 - mt@suse.de
|
||||
|
||||
- Applied fix for a Denial-of-Service vulnerability where receiving
|
||||
a malformed IKE_SA_INIT request leaves an incomplete state which
|
||||
causes a crash of the IKEv2 charon while dereferencing a NULL
|
||||
pointer if a subsequent CREATE_CHILD_SA is received (bnc#507742).
|
||||
- Applied fix for a Denial-of-Service vulnerability where receiving
|
||||
a malformed IKE_AUTH request with either a missing TSi or TSr
|
||||
traffic selector payload causes a crash of the IKEv2 charon while
|
||||
dereferencing a NULL pointer because the NULL pointer checks of
|
||||
TSi and TSr before destruction were erroneously swapped
|
||||
(bnc#507742).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 31 11:19:03 CEST 2009 - mt@suse.de
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ Name: strongswan
|
||||
%define upstream_version 4.2.14
|
||||
%define strongswan_docdir %{_docdir}/%{name}
|
||||
Version: 4.2.14
|
||||
Release: 1
|
||||
Release: 2
|
||||
License: GPL v2 or later
|
||||
Group: Productivity/Networking/Security
|
||||
Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
|
||||
@ -39,6 +39,8 @@ Source2: %{name}.init.in
|
||||
Source3: %{name}-%{version}-rpmlintrc
|
||||
Patch1: %{name}_modprobe_syslog.dif
|
||||
Patch2: %{name}_update-dns-server.dif
|
||||
Patch3: %{name}-4.x.x_invalid_ike_state.patch
|
||||
Patch4: %{name}-4.x.x._swapped_ts_check.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: bison flex gmp-devel gperf pkg-config
|
||||
%if 0%{?suse_version} >= 1030
|
||||
@ -135,6 +137,8 @@ Authors:
|
||||
%setup -q -n %{name}-%{upstream_version}
|
||||
%patch1 -p0
|
||||
%patch2 -p0
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
||||
< $RPM_SOURCE_DIR/strongswan.init.in \
|
||||
> strongswan.init
|
||||
@ -267,6 +271,17 @@ fi
|
||||
%{_mandir}/man8/starter.8*
|
||||
|
||||
%changelog
|
||||
* Tue Jun 02 2009 mt@suse.de
|
||||
- Applied fix for a Denial-of-Service vulnerability where receiving
|
||||
a malformed IKE_SA_INIT request leaves an incomplete state which
|
||||
causes a crash of the IKEv2 charon while dereferencing a NULL
|
||||
pointer if a subsequent CREATE_CHILD_SA is received (bnc#507742).
|
||||
- Applied fix for a Denial-of-Service vulnerability where receiving
|
||||
a malformed IKE_AUTH request with either a missing TSi or TSr
|
||||
traffic selector payload causes a crash of the IKEv2 charon while
|
||||
dereferencing a NULL pointer because the NULL pointer checks of
|
||||
TSi and TSr before destruction were erroneously swapped
|
||||
(bnc#507742).
|
||||
* Tue Mar 31 2009 mt@suse.de
|
||||
- Updated to strongSwan 4.2.14 release that fixes a grave DPD
|
||||
denial of service vulnerability registered as CVE-2009-0790,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user