* [Buildroot] [PATCH] strongswan: add security patches
@ 2013-11-01 13:54 Gustavo Zacarias
2013-11-01 14:28 ` Thomas Petazzoni
0 siblings, 1 reply; 2+ messages in thread
From: Gustavo Zacarias @ 2013-11-01 13:54 UTC (permalink / raw)
To: buildroot
Security patches to fix CVE-2013-5018, CVE-2013-6075 and CVE-2013-6076.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
.../strongswan-0003-CVE-2013-5018-fix.patch | 29 ++++++++++++++++++++++
.../strongswan-0004-CVE-2013-6075-fix.patch | 27 ++++++++++++++++++++
.../strongswan-0005-CVE-2013-6076-fix.patch | 27 ++++++++++++++++++++
3 files changed, 83 insertions(+)
create mode 100644 package/strongswan/strongswan-0003-CVE-2013-5018-fix.patch
create mode 100644 package/strongswan/strongswan-0004-CVE-2013-6075-fix.patch
create mode 100644 package/strongswan/strongswan-0005-CVE-2013-6076-fix.patch
diff --git a/package/strongswan/strongswan-0003-CVE-2013-5018-fix.patch b/package/strongswan/strongswan-0003-CVE-2013-5018-fix.patch
new file mode 100644
index 0000000..e30ac31
--- /dev/null
+++ b/package/strongswan/strongswan-0003-CVE-2013-5018-fix.patch
@@ -0,0 +1,29 @@
+From 057265e0183ddf52d56f21adaf0db0f3dc6585a4 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Mon, 29 Jul 2013 23:45:38 +0200
+Subject: [PATCH] asn1: Fix handling of invalid ASN.1 length in is_asn1()
+
+Fixes CVE-2013-5018.
+---
+ src/libstrongswan/asn1/asn1.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
+index 68f37f4..d860ad9 100644
+--- a/src/libstrongswan/asn1/asn1.c
++++ b/src/libstrongswan/asn1/asn1.c
+@@ -642,6 +642,11 @@ bool is_asn1(chunk_t blob)
+
+ len = asn1_length(&blob);
+
++ if (len == ASN1_INVALID_LENGTH)
++ {
++ return FALSE;
++ }
++
+ /* exact match */
+ if (len == blob.len)
+ {
+--
+1.7.10.4
+
diff --git a/package/strongswan/strongswan-0004-CVE-2013-6075-fix.patch b/package/strongswan/strongswan-0004-CVE-2013-6075-fix.patch
new file mode 100644
index 0000000..be3279a
--- /dev/null
+++ b/package/strongswan/strongswan-0004-CVE-2013-6075-fix.patch
@@ -0,0 +1,27 @@
+From aa277adfc204b6bda2c3792710138f9a8723a8f1 Mon Sep 17 00:00:00 2001
+From: Martin Willi <martin@revosec.ch>
+Date: Mon, 7 Oct 2013 14:21:57 +0200
+Subject: [PATCH] identification: Properly check length before comparing for
+ binary DN equality
+
+Fixes CVE-2013-6075.
+---
+ src/libstrongswan/utils/identification.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
+index 5df3e5f..9c43ad5 100644
+--- a/src/libstrongswan/utils/identification.c
++++ b/src/libstrongswan/utils/identification.c
+@@ -602,7 +602,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc)
+ }
+ }
+ /* try a binary compare */
+- if (memeq(t_dn.ptr, o_dn.ptr, t_dn.len))
++ if (chunk_equals(t_dn, o_dn))
+ {
+ return TRUE;
+ }
+--
+1.8.1.2
+
diff --git a/package/strongswan/strongswan-0005-CVE-2013-6076-fix.patch b/package/strongswan/strongswan-0005-CVE-2013-6076-fix.patch
new file mode 100644
index 0000000..40b1793
--- /dev/null
+++ b/package/strongswan/strongswan-0005-CVE-2013-6076-fix.patch
@@ -0,0 +1,27 @@
+From d8867a8452eece3fffab29605f48e6bed47c42d4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Volker=20R=C3=BCmelin?= <vr_strongswan@t-online.de>
+Date: Fri, 11 Oct 2013 09:38:24 +0200
+Subject: [PATCH] ikev1: Properly initialize list of fragments in case fragment
+ ID is 0
+
+Fixes CVE-2013-6076.
+---
+ src/libcharon/sa/ikev1/task_manager_v1.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
+index 6d4ef14..597416e 100644
+--- a/src/libcharon/sa/ikev1/task_manager_v1.c
++++ b/src/libcharon/sa/ikev1/task_manager_v1.c
+@@ -1273,7 +1273,7 @@ static status_t handle_fragment(private_task_manager_t *this, message_t *msg)
+ return FAILED;
+ }
+
+- if (this->frag.id != payload->get_id(payload))
++ if (!this->frag.list || this->frag.id != payload->get_id(payload))
+ {
+ clear_fragments(this, payload->get_id(payload));
+ this->frag.list = linked_list_create();
+--
+1.8.1.2
+
--
1.8.1.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH] strongswan: add security patches
2013-11-01 13:54 [Buildroot] [PATCH] strongswan: add security patches Gustavo Zacarias
@ 2013-11-01 14:28 ` Thomas Petazzoni
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2013-11-01 14:28 UTC (permalink / raw)
To: buildroot
Dear Gustavo Zacarias,
On Fri, 1 Nov 2013 10:54:27 -0300, Gustavo Zacarias wrote:
> Security patches to fix CVE-2013-5018, CVE-2013-6075 and CVE-2013-6076.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> .../strongswan-0003-CVE-2013-5018-fix.patch | 29 ++++++++++++++++++++++
> .../strongswan-0004-CVE-2013-6075-fix.patch | 27 ++++++++++++++++++++
> .../strongswan-0005-CVE-2013-6076-fix.patch | 27 ++++++++++++++++++++
> 3 files changed, 83 insertions(+)
> create mode 100644 package/strongswan/strongswan-0003-CVE-2013-5018-fix.patch
> create mode 100644 package/strongswan/strongswan-0004-CVE-2013-6075-fix.patch
> create mode 100644 package/strongswan/strongswan-0005-CVE-2013-6076-fix.patch
Applied to for-peter-2013.11, thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-11-01 14:28 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-11-01 13:54 [Buildroot] [PATCH] strongswan: add security patches Gustavo Zacarias
2013-11-01 14:28 ` Thomas Petazzoni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox