From a20c4c2cacb7090ec1dda768c0ab8a850fe387376989344259d9cfeea100f79b Mon Sep 17 00:00:00 2001
From: OBS User autobuild
Date: Fri, 13 Aug 2010 00:40:58 +0000
Subject: [PATCH] Accepting request 45248 from network:vpn Copy from network:vpn/strongswan based on submit request 45248 from user mtomaschewski
OBS-URL: https://build.opensuse.org/request/show/45248
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=25
---
 strongswan-4.4.0-snprintf-fix.diff | 105 +++++++++++++++++++++++++++++
 strongswan.changes | 7 ++
 strongswan.spec | 4 +-
 3 files changed, 115 insertions(+), 1 deletion(-)
 create mode 100644 strongswan-4.4.0-snprintf-fix.diff
diff --git a/strongswan-4.4.0-snprintf-fix.diff b/strongswan-4.4.0-snprintf-fix.diff
new file mode 100644
index 0000000..4b08b80
--- /dev/null
+++ b/strongswan-4.4.0-snprintf-fix.diff
@@ -0,0 +1,105 @@
+From 96e2f9f3a70a7c918772f7dde57c6cb8befbc60e Mon Sep 17 00:00:00 2001
+From: Martin Willi
+Date: Fri, 18 Jun 2010 09:18:27 +0200
+Subject: [PATCH] snprintf() fixes, version 4.4.0
+
+---
+ .../credentials/ietf_attributes/ietf_attributes.c | 13 +++++++++++--
+ src/libstrongswan/utils/identification.c | 12 ++++++++++++
+ src/pluto/x509.c | 4 ++++
+ 3 files changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
+index ff3ddeb..de5b85b 100644
+--- a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
++++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
+@@ -159,7 +159,7 @@ static char* get_string(private_ietf_attributes_t *this)
+ enumerator = this->list->create_enumerator(this->list);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+- int written = 0;
++ int written;
+
+ if (first)
+ {
+@@ -168,8 +168,12 @@ static char* get_string(private_ietf_attributes_t *this)
+ else
+ {
+ written = snprintf(pos, len, ", ");
++ if (written < 0 || written >= len)
++ {
++ break;
++ }
+ pos += written;
+- len -= written;
++ len -= written;
+ }
+
+ switch (attr->type)
+@@ -194,8 +198,13 @@ static char* get_string(private_ietf_attributes_t *this)
+ break;
+ }
+ default:
++ written = 0;
+ break;
+ }
++ if (written < 0 || written >= len)
++ {
++ break;
++ }
+ pos += written;
+ len -= written;
+ }
+diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
+index 6a3c393..6ccfa19 100644
+--- a/src/libstrongswan/utils/identification.c
++++ b/src/libstrongswan/utils/identification.c
+@@ -297,18 +297,30 @@ static void dntoa(chunk_t dn, char *buf, size_t len)
+ {
+ written = snprintf(buf, len,"%s=", oid_names[oid].name);
+ }
++ if (written < 0 || written >= len)
++ {
++ break;
++ }
+ buf += written;
+ len -= written;
+
+ chunk_printable(data, &printable, '?');
+ written = snprintf(buf, len, "%.*s", printable.len, printable.ptr);
+ chunk_free(&printable);
++ if (written < 0 || written >= len)
++ {
++ break;
++ }
+ buf += written;
+ len -= written;
+
+ if (data.ptr + data.len != dn.ptr + dn.len)
+ {
+ written = snprintf(buf, len, ", ");
++ if (written < 0 || written >= len)
++ {
++ break;
++ }
+ buf += written;
+ len -= written;
+ }
+diff --git a/src/pluto/x509.c b/src/pluto/x509.c
+index 0a29830..0abebc6 100644
+--- a/src/pluto/x509.c
++++ b/src/pluto/x509.c
+@@ -393,6 +393,10 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
+ {
+ written = snprintf(pos, len, ", %Y", id);
+ }
++ if (written < 0 || written >= len)
++ {
++ break;
++ }
+ pos += written;
+ len -= written;
+ }
+--
+1.7.0.4
+
diff --git a/strongswan.changes b/strongswan.changes
index a85ae3b..b09707f 100644
--- a/strongswan.changes
+++ b/strongswan.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jul 2 15:40:17 UTC 2010 - mt@suse.de
+
+- Applied upstream patch fixing snprintf flaws in the strongSwan
+ IKE daemons exploitable by unauthenticated attackers using a
+ crafted certificate or identification payload (bnc#615915).
+
 -------------------------------------------------------------------
 Fri Jul 2 14:16:18 UTC 2010 - mt@suse.de
diff --git a/strongswan.spec b/strongswan.spec
index a40ec65..460a08a 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -23,7 +23,7 @@ Name: strongswan
 %define strongswan_docdir %{_docdir}/%{name}
 %define strongswan_plugins %{_libexecdir}/ipsec/plugins
 Version: 4.4.0
-Release: 2
+Release: 6
 License: GPLv2+
 Group: Productivity/Networking/Security
 Summary: OpenSource IPsec-based VPN Solution
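Review bot: In get_string (ietf_attributes.c) the patch drops the `= 0` initializer on `written`, so the new post-switch check `written < 0 || written >= len` depends on every switch case assigning it; only `default:` is visible doing so, the other cases lie outside the hunk, and the `if (first)` path sets nothing. Keeping `int written = 0;` costs nothing and rules out reading an indeterminate value if a case is added later. In dntoa (identification.c) `len` is a `size_t` per the signature in the hunk header and `written` is presumably an int, so `written >= len` is a signed/unsigned comparison that is safe only because the `< 0` test short-circuits first; `if (written < 0 || (size_t)written >= len)` makes that explicit. All three loops now stop silently, so a comment at each `break` such as `/* snprintf error or truncation: the string is cut short here */` would tell maintainers that callers may receive a clipped DN or attribute list built from peer-supplied data.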
@@ -38,6 +38,7 @@ Source2: %{name}.init.in
 Source3: %{name}-%{version}-rpmlintrc
 Source4: README.SUSE
 Patch1: %{name}_modprobe_syslog.patch
+Patch2: %{name}-4.4.0-snprintf-fix.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: bison flex gmp-devel gperf pkg-config
 BuildRequires: libcap-devel
@@ -189,6 +190,7 @@ NetworkManager-strongswan graphical user interface.
 %prep
 %setup -q -n %{name}-%{upstream_version}
 %patch1 -p0
+%patch2 -p1
 sed -e 's|@libexecdir@|%_libexecdir|g' \
 < $RPM_SOURCE_DIR/strongswan.init.in \
 > strongswan.init