SHA256
1
0
forked from pool/strongswan
OBS User unknown 2009-06-07 21:01:03 +00:00 committed by Git OBS Bridge
parent ed54a2e985
commit 18ed32232d
4 changed files with 76 additions and 1 deletions

View File

@ -0,0 +1,24 @@
commit 0a3ca29021ffe389ae4f7400ee05f42dcf384d6b
Author: Martin Willi <martin@strongswan.org>
Date: Tue May 12 17:13:09 2009 +0200
fixed cleanup of traffic selector lists
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c
index 382266f..6bf9e9d 100644
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/charon/sa/tasks/child_create.c
@@ -1126,11 +1126,11 @@ static void destroy(private_child_create_t *this)
{
chunk_free(&this->my_nonce);
chunk_free(&this->other_nonce);
- if (this->tsi)
+ if (this->tsr)
{
this->tsr->destroy_offset(this->tsr, offsetof(traffic_selector_t, destroy));
}
- if (this->tsr)
+ if (this->tsi)
{
this->tsi->destroy_offset(this->tsi, offsetof(traffic_selector_t, destroy));
}

View File

@ -0,0 +1,22 @@
commit a627e31f463367d83be5814aff8ddbceb725f4ed
Author: Martin Willi <martin@strongswan.org>
Date: Thu May 7 15:53:45 2009 +0200
properly delete IKE_SA if IKE_SA_INIT processing failed
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index b8e8213..126011e 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -1424,6 +1424,11 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
exchange_type_names, message->get_exchange_type(message),
message->get_request(message) ? "request" : "response",
message->get_message_id(message));
+
+ if (this->state == IKE_CREATED)
+ { /* invalid initiation attempt, close SA */
+ return DESTROY_ME;
+ }
return status;
}
else

View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Tue Jun 2 09:56:16 CEST 2009 - mt@suse.de
- Applied fix for a Denial-of-Service vulnerability where receiving
a malformed IKE_SA_INIT request leaves an incomplete state which
causes a crash of the IKEv2 charon while dereferencing a NULL
pointer if a subsequent CREATE_CHILD_SA is received (bnc#507742).
- Applied fix for a Denial-of-Service vulnerability where receiving
a malformed IKE_AUTH request with either a missing TSi or TSr
traffic selector payload causes a crash of the IKEv2 charon while
dereferencing a NULL pointer because the NULL pointer checks of
TSi and TSr before destruction were erroneously swapped
(bnc#507742).
-------------------------------------------------------------------
Tue Mar 31 11:19:03 CEST 2009 - mt@suse.de

View File

@ -22,7 +22,7 @@ Name: strongswan
%define upstream_version 4.2.14
%define strongswan_docdir %{_docdir}/%{name}
Version: 4.2.14
Release: 1
Release: 2
License: GPL v2 or later
Group: Productivity/Networking/Security
Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
@ -39,6 +39,8 @@ Source2: %{name}.init.in
Source3: %{name}-%{version}-rpmlintrc
Patch1: %{name}_modprobe_syslog.dif
Patch2: %{name}_update-dns-server.dif
Patch3: %{name}-4.x.x_invalid_ike_state.patch
Patch4: %{name}-4.x.x._swapped_ts_check.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison flex gmp-devel gperf pkg-config
%if 0%{?suse_version} >= 1030
@ -135,6 +137,8 @@ Authors:
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
%patch2 -p0
%patch3 -p1
%patch4 -p1
sed -e 's|@libexecdir@|%_libexecdir|g' \
< $RPM_SOURCE_DIR/strongswan.init.in \
> strongswan.init
@ -267,6 +271,17 @@ fi
%{_mandir}/man8/starter.8*
%changelog
* Tue Jun 02 2009 mt@suse.de
- Applied fix for a Denial-of-Service vulnerability where receiving
a malformed IKE_SA_INIT request leaves an incomplete state which
causes a crash of the IKEv2 charon while dereferencing a NULL
pointer if a subsequent CREATE_CHILD_SA is received (bnc#507742).
- Applied fix for a Denial-of-Service vulnerability where receiving
a malformed IKE_AUTH request with either a missing TSi or TSr
traffic selector payload causes a crash of the IKEv2 charon while
dereferencing a NULL pointer because the NULL pointer checks of
TSi and TSr before destruction were erroneously swapped
(bnc#507742).
* Tue Mar 31 2009 mt@suse.de
- Updated to strongSwan 4.2.14 release that fixes a grave DPD
denial of service vulnerability registered as CVE-2009-0790,