Accepting request 45248 from network:vpn
Copy from network:vpn/strongswan based on submit request 45248 from user mtomaschewski OBS-URL: https://build.opensuse.org/request/show/45248 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=25
This commit is contained in:
parent
8ec0a8d6be
commit
a20c4c2cac
105
strongswan-4.4.0-snprintf-fix.diff
Normal file
105
strongswan-4.4.0-snprintf-fix.diff
Normal file
@ -0,0 +1,105 @@
|
||||
From 96e2f9f3a70a7c918772f7dde57c6cb8befbc60e Mon Sep 17 00:00:00 2001
|
||||
From: Martin Willi <martin@revosec.ch>
|
||||
Date: Fri, 18 Jun 2010 09:18:27 +0200
|
||||
Subject: [PATCH] snprintf() fixes, version 4.4.0
|
||||
|
||||
---
|
||||
.../credentials/ietf_attributes/ietf_attributes.c | 13 +++++++++++--
|
||||
src/libstrongswan/utils/identification.c | 12 ++++++++++++
|
||||
src/pluto/x509.c | 4 ++++
|
||||
3 files changed, 27 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
|
||||
index ff3ddeb..de5b85b 100644
|
||||
--- a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
|
||||
+++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
|
||||
@@ -159,7 +159,7 @@ static char* get_string(private_ietf_attributes_t *this)
|
||||
enumerator = this->list->create_enumerator(this->list);
|
||||
while (enumerator->enumerate(enumerator, &attr))
|
||||
{
|
||||
- int written = 0;
|
||||
+ int written;
|
||||
|
||||
if (first)
|
||||
{
|
||||
@@ -168,8 +168,12 @@ static char* get_string(private_ietf_attributes_t *this)
|
||||
else
|
||||
{
|
||||
written = snprintf(pos, len, ", ");
|
||||
+ if (written < 0 || written >= len)
|
||||
+ {
|
||||
+ break;
|
||||
+ }
|
||||
pos += written;
|
||||
- len -= written;
|
||||
+ len -= written;
|
||||
}
|
||||
|
||||
switch (attr->type)
|
||||
@@ -194,8 +198,13 @@ static char* get_string(private_ietf_attributes_t *this)
|
||||
break;
|
||||
}
|
||||
default:
|
||||
+ written = 0;
|
||||
break;
|
||||
}
|
||||
+ if (written < 0 || written >= len)
|
||||
+ {
|
||||
+ break;
|
||||
+ }
|
||||
pos += written;
|
||||
len -= written;
|
||||
}
|
||||
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
|
||||
index 6a3c393..6ccfa19 100644
|
||||
--- a/src/libstrongswan/utils/identification.c
|
||||
+++ b/src/libstrongswan/utils/identification.c
|
||||
@@ -297,18 +297,30 @@ static void dntoa(chunk_t dn, char *buf, size_t len)
|
||||
{
|
||||
written = snprintf(buf, len,"%s=", oid_names[oid].name);
|
||||
}
|
||||
+ if (written < 0 || written >= len)
|
||||
+ {
|
||||
+ break;
|
||||
+ }
|
||||
buf += written;
|
||||
len -= written;
|
||||
|
||||
chunk_printable(data, &printable, '?');
|
||||
written = snprintf(buf, len, "%.*s", printable.len, printable.ptr);
|
||||
chunk_free(&printable);
|
||||
+ if (written < 0 || written >= len)
|
||||
+ {
|
||||
+ break;
|
||||
+ }
|
||||
buf += written;
|
||||
len -= written;
|
||||
|
||||
if (data.ptr + data.len != dn.ptr + dn.len)
|
||||
{
|
||||
written = snprintf(buf, len, ", ");
|
||||
+ if (written < 0 || written >= len)
|
||||
+ {
|
||||
+ break;
|
||||
+ }
|
||||
buf += written;
|
||||
len -= written;
|
||||
}
|
||||
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
|
||||
index 0a29830..0abebc6 100644
|
||||
--- a/src/pluto/x509.c
|
||||
+++ b/src/pluto/x509.c
|
||||
@@ -393,6 +393,10 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
|
||||
{
|
||||
written = snprintf(pos, len, ", %Y", id);
|
||||
}
|
||||
+ if (written < 0 || written >= len)
|
||||
+ {
|
||||
+ break;
|
||||
+ }
|
||||
pos += written;
|
||||
len -= written;
|
||||
}
|
||||
--
|
||||
1.7.0.4
|
||||
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 2 15:40:17 UTC 2010 - mt@suse.de
|
||||
|
||||
- Applied upstream patch fixing snprintf flaws in the strongSwan
|
||||
IKE daemons exploitable by unauthenticated attackers using a
|
||||
crafted certificate or identification payload (bnc#615915).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 2 14:16:18 UTC 2010 - mt@suse.de
|
||||
|
||||
|
@ -23,7 +23,7 @@ Name: strongswan
|
||||
%define strongswan_docdir %{_docdir}/%{name}
|
||||
%define strongswan_plugins %{_libexecdir}/ipsec/plugins
|
||||
Version: 4.4.0
|
||||
Release: 2
|
||||
Release: 6
|
||||
License: GPLv2+
|
||||
Group: Productivity/Networking/Security
|
||||
Summary: OpenSource IPsec-based VPN Solution
|
||||
@ -38,6 +38,7 @@ Source2: %{name}.init.in
|
||||
Source3: %{name}-%{version}-rpmlintrc
|
||||
Source4: README.SUSE
|
||||
Patch1: %{name}_modprobe_syslog.patch
|
||||
Patch2: %{name}-4.4.0-snprintf-fix.diff
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: bison flex gmp-devel gperf pkg-config
|
||||
BuildRequires: libcap-devel
|
||||
@ -189,6 +190,7 @@ NetworkManager-strongswan graphical user interface.
|
||||
%prep
|
||||
%setup -q -n %{name}-%{upstream_version}
|
||||
%patch1 -p0
|
||||
%patch2 -p1
|
||||
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
||||
< $RPM_SOURCE_DIR/strongswan.init.in \
|
||||
> strongswan.init
|
||||
|
Loading…
Reference in New Issue
Block a user