Accepting request 45248 from network:vpn
Copy from network:vpn/strongswan based on submit request 45248 from user mtomaschewski OBS-URL: https://build.opensuse.org/request/show/45248 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=25
parent
8ec0a8d6be
commit
a20c4c2cac
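--- a/strongswan-4.4.0-snprintf-fix.diff
+++ b/strongswan-4.4.0-snprintf-fix.diff
@@ -0,0 +1,105 @@
+From 96e2f9f3a70a7c918772f7dde57c6cb8befbc60e Mon Sep 17 00:00:00 2001
+From: Martin Willi <martin@revosec.ch>
+Date: Fri, 18 Jun 2010 09:18:27 +0200
+Subject: [PATCH] snprintf() fixes, version 4.4.0
+
+---
+.../credentials/ietf_attributes/ietf_attributes.c | 13 +++++++++++--
+src/libstrongswan/utils/identification.c | 12 ++++++++++++
+src/pluto/x509.c | 4 ++++
+3 files changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
+index ff3ddeb..de5b85b 100644
+--- a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
++++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
+@@ -159,7 +159,7 @@ static char* get_string(private_ietf_attributes_t *this)
+enumerator = this->list->create_enumerator(this->list);
+while (enumerator->enumerate(enumerator, &attr))
+{
+- int written = 0;
++ int written;
+
+if (first)
+{
+@@ -168,8 +168,12 @@ static char* get_string(private_ietf_attributes_t *this)
+else
+{
+written = snprintf(pos, len, ", ");
++ if (written < 0 || written >= len)
++ {
++ break;
++ }
+pos += written;
+- len -= written;
++ len -= written;
+}
+
+switch (attr->type)
+@@ -194,8 +198,13 @@ static char* get_string(private_ietf_attributes_t *this)
+break;
+}
+default:
++ written = 0;
+break;
+}
++ if (written < 0 || written >= len)
++ {
++ break;
++ }
+pos += written;
+len -= written;
+}
+diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
+index 6a3c393..6ccfa19 100644
+--- a/src/libstrongswan/utils/identification.c
++++ b/src/libstrongswan/utils/identification.c
+@@ -297,18 +297,30 @@ static void dntoa(chunk_t dn, char *buf, size_t len)
+{
+written = snprintf(buf, len,"%s=", oid_names[oid].name);
+}
++ if (written < 0 || written >= len)
++ {
++ break;
++ }
+buf += written;
+len -= written;
+
+chunk_printable(data, &printable, '?');
+written = snprintf(buf, len, "%.*s", printable.len, printable.ptr);
+chunk_free(&printable);
++ if (written < 0 || written >= len)
++ {
++ break;
++ }
+buf += written;
+len -= written;
+
+if (data.ptr + data.len != dn.ptr + dn.len)
+{
+written = snprintf(buf, len, ", ");
++ if (written < 0 || written >= len)
++ {
++ break;
++ }
+buf += written;
+len -= written;
+}
+diff --git a/src/pluto/x509.c b/src/pluto/x509.c
+index 0a29830..0abebc6 100644
+--- a/src/pluto/x509.c
++++ b/src/pluto/x509.c
+@@ -393,6 +393,10 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
+{
+written = snprintf(pos, len, ", %Y", id);
+}
++ if (written < 0 || written >= len)
++ {
++ break;
++ }
+pos += written;
+len -= written;
+}
+--
+1.7.0.4
+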
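Review bot: Every added `if (written < 0 || written >= len) { break; }` in the embedded patch stops the loop with a silently truncated string in the buffer, and nothing tells the caller: `dntoa` returns `void`, and the other two functions show no error path in these hunks. Since the changelog says the inputs are attacker-supplied certificates and identification payloads, it is worth confirming that no caller uses these strings for matching rather than display, and adding a comment at each check such as `/* snprintf() returns the untruncated length; stop here so pos/len never move past the buffer */`. In the first `get_string` hunk the initializer is also dropped (`int written = 0;` becomes `int written;`), so the check after the `switch` is only sound if every `case` assigns `written`; the case bodies are outside the hunks shown, so this cannot be confirmed from the page. Keeping `int written = 0;` next to the added `default: written = 0;` would make the bounds check independent of that assumption.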
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 2 15:40:17 UTC 2010 - mt@suse.de
|
||||||
|
|
||||||
|
- Applied upstream patch fixing snprintf flaws in the strongSwan
|
||||||
|
IKE daemons exploitable by unauthenticated attackers using a
|
||||||
|
crafted certificate or identification payload (bnc#615915).
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jul 2 14:16:18 UTC 2010 - mt@suse.de
|
Fri Jul 2 14:16:18 UTC 2010 - mt@suse.de
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ Name: strongswan
|
|||||||
%define strongswan_docdir %{_docdir}/%{name}
|
%define strongswan_docdir %{_docdir}/%{name}
|
||||||
%define strongswan_plugins %{_libexecdir}/ipsec/plugins
|
%define strongswan_plugins %{_libexecdir}/ipsec/plugins
|
||||||
Version: 4.4.0
|
Version: 4.4.0
|
||||||
Release: 2
|
Release: 6
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: Productivity/Networking/Security
|
Group: Productivity/Networking/Security
|
||||||
Summary: OpenSource IPsec-based VPN Solution
|
Summary: OpenSource IPsec-based VPN Solution
|
||||||
@ -38,6 +38,7 @@ Source2: %{name}.init.in
|
|||||||
Source3: %{name}-%{version}-rpmlintrc
|
Source3: %{name}-%{version}-rpmlintrc
|
||||||
Source4: README.SUSE
|
Source4: README.SUSE
|
||||||
Patch1: %{name}_modprobe_syslog.patch
|
Patch1: %{name}_modprobe_syslog.patch
|
||||||
|
Patch2: %{name}-4.4.0-snprintf-fix.diff
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildRequires: bison flex gmp-devel gperf pkg-config
|
BuildRequires: bison flex gmp-devel gperf pkg-config
|
||||||
BuildRequires: libcap-devel
|
BuildRequires: libcap-devel
|
||||||
@ -189,6 +190,7 @@ NetworkManager-strongswan graphical user interface.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{upstream_version}
|
%setup -q -n %{name}-%{upstream_version}
|
||||||
%patch1 -p0
|
%patch1 -p0
|
||||||
|
%patch2 -p1
|
||||||
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
||||||
< $RPM_SOURCE_DIR/strongswan.init.in \
|
< $RPM_SOURCE_DIR/strongswan.init.in \
|
||||||
> strongswan.init
|
> strongswan.init
|
||||||
|