From: Yue Tao <[email protected]> strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2891 Signed-off-by: Yue Tao <[email protected]> Signed-off-by: Jackie Huang <[email protected]> --- .../files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch | 28 ++++++++++++++++++++++ .../recipes-support/strongswan/strongswan_5.1.1.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch diff --git a/meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch b/meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch new file mode 100644 index 0000000..374f2cf --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch @@ -0,0 +1,28 @@ +strongswan: asn1: Properly check length in asn1_unwrap() + +Fixes CVE-2014-2891 in strongSwan releases 4.3.3-5.1.1. + +Upstream-Status: Pending + +Signed-off-by: Yue Tao <[email protected]> + +--- + src/libstrongswan/asn1/asn1.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c +index d860ad9..9a5f5c5 100644 +--- a/src/libstrongswan/asn1/asn1.c ++++ b/src/libstrongswan/asn1/asn1.c +@@ -296,7 +296,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner) + else + { /* composite length, determine number of length octets */ + len &= 0x7f; +- if (len == 0 || len > sizeof(res.len)) ++ if (len == 0 || len > blob->len || len > sizeof(res.len)) + { + return ASN1_INVALID; + } +-- +1.7.10.4 + diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb b/meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb index 821d965..cfa9abc 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb @@ -10,6 +10,7 @@ DEPENDS = "gmp openssl flex-native flex bison-native" SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ file://fix-funtion-parameter.patch \ file://strongswan-5.0.0-5.1.2_reject_child_sa.patch \ + file://strongswan-4.3.3-5.1.1_asn1_unwrap.patch \ " SRC_URI[md5sum] = "e3af3d493d22286be3cd794533a8966a" -- 2.0.0 -- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
