Upstream-Status: Backport [https://github.com/strongswan/strongswan/commit/1e0643bef105704337efc141a37dfcfbaa53cb1f]
Signed-off-by: Nitin Wankhade <[email protected]> --- ...accept-non-empty-ECDH-public-keys-wi.patch | 51 +++++++++++++++++++ .../strongswan/strongswan_5.9.14.bb | 1 + 2 files changed, 52 insertions(+) create mode 100644 meta-networking/recipes-support/strongswan/strongswan/tls-server-Only-accept-non-empty-ECDH-public-keys-wi.patch diff --git a/meta-networking/recipes-support/strongswan/strongswan/tls-server-Only-accept-non-empty-ECDH-public-keys-wi.patch b/meta-networking/recipes-support/strongswan/strongswan/tls-server-Only-accept-non-empty-ECDH-public-keys-wi.patch new file mode 100644 index 0000000000..a05fd9bced --- /dev/null +++ b/meta-networking/recipes-support/strongswan/strongswan/tls-server-Only-accept-non-empty-ECDH-public-keys-wi.patch @@ -0,0 +1,51 @@ +From: Tobias Brunner <[email protected]> +Date: Fri, 20 Mar 2026 17:38:07 +0100 +Subject: tls-server: Only accept non-empty ECDH public keys with TLS < 1.3 + +This prevents a crash due to a null-pointer dereference when processing +an empty ECDH public key. + +The previous length check only applied in the `!ec` case, so in the `ec` +case, the access to `pub.ptr[0]` was unguarded. If a crafted TLS +record ends with an empty ClientKeyExchange, then `read_data8` sets +`pub` to `chunk_empty`, causing a null-pointer dereference. + +Note that if some data follows the empty ClientKeyExchange, this just +causes a 1-byte out-of-bounds read that has no further effect as the +TLS session is aborted immediately. Either because the read value +doesn't equal TLS_ANSI_UNCOMPRESSED or because the empty public key +is rejected by `set_public_key()`. + +The referenced commit that introduced the pointer access, added the +check for `pub.len` specifically to the `!ec` case, while the pointer +access was initially unconditional (probably because the code was just +copied from `tls_peer.c` which processes ECDH public keys in a separate +function, so there was no `ec` flag). The latter was fixed a couple of +days later with 7b3c01845f63 ("Read the compression type byte for EC +groups, only"). However, that commit didn't change the length check. +Anyway, it's possible that the original intention was to add the check +to the `ec` case on the previous line, or that there was some confusion +with the parenthesis and something like the current code was intended to +begin with. + +Fixes: e6cce7ff0d1b ("Prepend point format to ECDH public key") +Fixes: CVE-2026-35332 + +CVE: CVE-2026-35332 +Upstream-Status: Backport [https://github.com/strongswan/strongswan/commit/1e0643bef105704337efc141a37dfcfbaa53cb1f] +Patch is refreshed as per the source code version 5.9.14 +Signed-off-by: Nitin Wankhade <[email protected]> +=== +diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c +index 7b2238e..bffc01c 100644 +--- a/src/libtls/tls_server.c ++++ b/src/libtls/tls_server.c +@@ -857,7 +857,7 @@ static status_t process_key_exchange_dhe(private_tls_server_t *this, + group = this->dh->get_method(this->dh); + ec = key_exchange_is_ecdh(group); + if ((ec && !reader->read_data8(reader, &pub)) || +- (!ec && (!reader->read_data16(reader, &pub) || pub.len == 0))) ++ (!ec && !reader->read_data16(reader, &pub)) || pub.len == 0) + { + DBG1(DBG_TLS, "received invalid Client Key Exchange"); + this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR); diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.14.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.14.bb index 41a4de845f..f65a94dd73 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.14.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.14.bb @@ -16,6 +16,7 @@ SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ file://pkcs5-pkcs7-Avoid-NULL-pointer-dereference-when-veri.patch \ file://libsimaka-Reject-zero-length-EAP-SIM-AKA-attributes.patch \ file://constraints-Case-insensitive-matching-and-reject-exc.patch \ + file://tls-server-Only-accept-non-empty-ECDH-public-keys-wi.patch \ " SRC_URI[sha256sum] = "728027ddda4cb34c67c4cec97d3ddb8c274edfbabdaeecf7e74693b54fc33678" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#127450): https://lists.openembedded.org/g/openembedded-devel/message/127450 Mute This Topic: https://lists.openembedded.org/mt/119720012/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
