forked from pool/strongswan
8cfc35877a
- Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
50 lines
1.5 KiB
Diff
50 lines
1.5 KiB
Diff
iFrom ed282e9a463c068146c945984fdea7828e663861 Mon Sep 17 00:00:00 2001
|
|
From: Tobias Brunner <tobias@strongswan.org>
|
|
Date: Mon, 29 May 2017 11:59:34 +0200
|
|
Subject: [PATCH] gmp: Fix RSA signature verification for m >= n
|
|
|
|
By definition, m must be <= n-1, we didn't enforce that and because
|
|
mpz_export() returns NULL if the passed value is zero a crash could have
|
|
been triggered with m == n.
|
|
|
|
Fixes CVE-2017-11185.
|
|
---
|
|
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 12 +++++++++---
|
|
1 file changed, 9 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
|
|
index 32a72ac9600b..a741f85d4f62 100644
|
|
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
|
|
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
|
|
@@ -78,11 +78,17 @@ static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data)
|
|
mpz_t m, c;
|
|
chunk_t encrypted;
|
|
|
|
- mpz_init(c);
|
|
mpz_init(m);
|
|
-
|
|
mpz_import(m, data.len, 1, 1, 1, 0, data.ptr);
|
|
|
|
+ if (mpz_cmp_ui(m, 0) <= 0 || mpz_cmp(m, this->n) >= 0)
|
|
+ { /* m must be <= n-1, but 0 is a valid value, doesn't really make sense
|
|
+ * here, though */
|
|
+ mpz_clear(m);
|
|
+ return chunk_empty;
|
|
+ }
|
|
+
|
|
+ mpz_init(c);
|
|
mpz_powm(c, m, this->e, this->n);
|
|
|
|
encrypted.len = this->k;
|
|
@@ -150,7 +156,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
|
|
*/
|
|
|
|
/* check magic bytes */
|
|
- if (*(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)
|
|
+ if (em.len < 2 || *(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)
|
|
{
|
|
goto end;
|
|
}
|
|
--
|
|
2.7.4
|