CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-04 16:10:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

strongswan: Security Advisory - strongswan - CVE-2014-2891

Browse Source 
strongSwan before 5.1.2 allows remote attackers to cause a denial of
service (NULL pointer dereference and IKE daemon crash) via a crafted
ID_DER_ASN1_DN ID payload.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2891

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This commit is contained in:
Yue Tao 2014-07-28 04:17:05 -04:00 committed by Joe MacDonald
parent 7d9440a1e7
commit 18bea20781
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
meta-networking/recipes-support/strongswan/files/strongswan-4.3.3-5.1.1_asn1_unwrap.patch Normal file
View File

@ -0,0 +1,28 @@
strongswan: asn1: Properly check length in asn1_unwrap()
Fixes CVE-2014-2891 in strongSwan releases 4.3.3-5.1.1.
Upstream-Status: Pending
Signed-off-by: Yue Tao <yue.tao@windriver.com>
---
src/libstrongswan/asn1/asn1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index d860ad9..9a5f5c5 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -296,7 +296,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner)
else
{ /* composite length, determine number of length octets */
len &= 0x7f;
- if (len == 0 || len > sizeof(res.len))
+ if (len == 0 || len > blob->len || len > sizeof(res.len))
{
return ASN1_INVALID;
}
--
1.7.10.4

1
meta-networking/recipes-support/strongswan/strongswan_5.1.1.bb
View File

@ -10,6 +10,7 @@ DEPENDS = "gmp openssl flex-native flex bison-native"
SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
file://fix-funtion-parameter.patch \
file://strongswan-5.0.0-5.1.2_reject_child_sa.patch \
file://strongswan-4.3.3-5.1.1_asn1_unwrap.patch \
"
SRC_URI[md5sum] = "e3af3d493d22286be3cd794533a8966a"