* Guillaume LĂ©croart wrote on 09 Apr 2014: > patch did not apply automatically though (patch -p1 at the root of the > src, got rejected)
Sorry, vim slurped the tabs into spaces...
Description: Fixed parsing of ID_DER_ASN1_DN in X.509 certificates The fix for CVE-2013-2053 (#709144) introduced a bug when parsing the ID_DER_ASN1_DN of a X.509 certificate (local and remote). In the atodn function a boundary check failed, when the full distinguished name if given in ipsec.conf (leftid or rightid). This results in a garbled peer id and in revoking connections. This patch fixes the boundary check. Bug-Debian: http://bugs.debian.org/743332 Origin: other Author: Alexander Hosfeld <i...@hosfeld.de> Last-Update: 2014-04-10 diff -ru openswan-2.6.37.orig/lib/libopenswan/x509dn.c openswan-2.6.37/lib/libopenswan/x509dn.c --- openswan-2.6.37.orig/lib/libopenswan/x509dn.c 2014-04-10 10:50:33.000000000 +0200 +++ openswan-2.6.37/lib/libopenswan/x509dn.c 2014-04-10 10:51:19.524173326 +0200 @@ -866,7 +866,6 @@ chunkcpy(dn_ptr, name); /* accumulate the length of the distinguished name sequence */ - dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len; dn_seq_len += rdn_len; /* reset name and change state */
signature.asc
Description: Digital signature
