From: Nicolas Thill
Date: Thu, 9 Jul 2009 11:49:29 +0000 (+0000)
Subject: [packages] openswan: add 2 security fixes in 8.09 branch (closes: #5484), bump releas...
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=b1ccd4eb6a9efb31fb69f640864684acdc3abf14;p=openwrt%2Fsvn-archive%2Farchive.git
[packages] openswan: add 2 security fixes in 8.09 branch (closes: #5484), bump release number
SVN-Revision: 16749
---
diff --git a/net/openswan/Makefile b/net/openswan/Makefile
index 3901c3605b..f0135db9ec 100644
--- a/net/openswan/Makefile
+++ b/net/openswan/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2008 OpenWrt.org
+# Copyright (C) 2006-2009 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=openswan
 PKG_VERSION:=2.6.18
-PKG_RELEASE:=1
+PKG_RELEASE:=1.1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.openswan.org/download
diff --git a/net/openswan/patches/901-cve-2009-0790.patch b/net/openswan/patches/901-cve-2009-0790.patch
new file mode 100644
index 0000000000..db98012565
--- /dev/null
+++ b/net/openswan/patches/901-cve-2009-0790.patch
@@ -0,0 +1,22 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0790
+
+--- a/programs/pluto/ikev1.c
++++ b/programs/pluto/ikev1.c
+@@ -657,9 +657,17 @@ informational(struct msg_digest *md)
+ switch (n->isan_type)
+ {
+ case R_U_THERE:
++ if(st==NULL) {
++ loglog(RC_LOG_SERIOUS, "received bogus R_U_THERE informational message");
++ return STF_IGNORE;
++ }
+ return dpd_inI_outR(st, n, n_pbs);
+
+ case R_U_THERE_ACK:
++ if(st==NULL) {
++ loglog(RC_LOG_SERIOUS, "received bogus R_U_THERE_ACK informational message");
++ return STF_IGNORE;
++ }
+ return dpd_inR(st, n, n_pbs);
+
+ case PAYLOAD_MALFORMED:
diff --git a/net/openswan/patches/902-cve-2009-2185.patch b/net/openswan/patches/902-cve-2009-2185.patch
new file mode 100644
index 0000000000..b966a2a0a2
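Review bot: The two `st==NULL` guards added to informational() in 901-cve-2009-0790.patch log a fixed string at `RC_LOG_SERIOUS`, so an operator who sees "received bogus R_U_THERE informational message" cannot tell which peer sent it. Because the branch is taken for a message that matched no state, the log line should carry the sender address available through `md`, and should ideally be rate-limited so a repeated sender cannot flood the log. The same three-line guard appears under both R_U_THERE and R_U_THERE_ACK with no explanation; a comment above the first, such as `/* DPD notifications need an existing ISAKMP state (CVE-2009-0790) */`, would record why it is there. The switch continues past the hunk at `case PAYLOAD_MALFORMED:`, so whether the remaining cases tolerate a NULL `st` cannot be checked from here.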
--- /dev/null
+++ b/net/openswan/patches/902-cve-2009-2185.patch
@@ -0,0 +1,89 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2185
+
+--- a/lib/libopenswan/asn1.c
++++ b/lib/libopenswan/asn1.c
+@@ -11,7 +11,6 @@
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+- * RCSID $Id: asn1.c,v 1.10 2005/08/05 17:33:27 mcr Exp $
+ */
+
+ #include
+@@ -107,6 +106,14 @@ asn1_length(chunk_t *blob)
+ len = 256*len + *blob->ptr++;
+ blob->len--;
+ }
++ if (len > blob->len)
++ {
++ DBG(DBG_PARSING,
++ DBG_log("length is larger than remaining blob size")
++ )
++ return ASN1_INVALID_LENGTH;
++ }
++
+ return len;
+ }
+
+@@ -237,13 +244,21 @@ asn1totime(const chunk_t *utctime, asn1_
+ int tz_hour, tz_min;
+
+ sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
++ if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
++ {
++ return 0; /* error in positive timezone offset format */
++ }
++
+ tz_offset = 3600*tz_hour + 60*tz_min; /* positive time zone offset */
+ }
+ else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL)
+ {
+ int tz_hour, tz_min;
+
+- sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
++ if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
++ {
++ return 0; /* error in negative timezone offset format */
++ }
+ tz_offset = -3600*tz_hour - 60*tz_min; /* negative time zone offset */
+ }
+ else
+@@ -255,14 +270,22 @@ asn1totime(const chunk_t *utctime, asn1_
+ const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
+ "%4d%2d%2d%2d%2d";
+
+- sscanf((char *)utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
+- &t.tm_hour, &t.tm_min);
++ if (sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
++ &t.tm_hour, &t.tm_min) != 5)
++ {
++ return 0; /* error in time st [yy]yymmddhhmm time format */
++ }
++
+ }
+
+ /* is there a seconds field? */
+ if ((eot - (char *)utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
+ {
+- sscanf(eot-2, "%2d", &t.tm_sec);
++ if (sscanf(eot-2, "%2d", &t.tm_sec) != 1)
++ {
++ return 0; /* error in ss seconds field format */
++ }
++
+ }
+ else
+ {
+@@ -283,7 +306,11 @@ asn1totime(const chunk_t *utctime, asn1_
+ t.tm_year += 100;
+ }
+
+- /* representation of month 0..11*/
++ if (t.tm_mon < 1 || t.tm_mon > 12)
++ {
++ return 0; /* error in month format */
++ }
++ /* representation of month 0..11 in struct tm */
+ t.tm_mon--;
+
+ /* set daylight saving time to off */
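Review bot: In the embedded asn1.c patch, the positive time-zone branch of asn1totime keeps the old unchecked `sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);` as a context line and adds the checked call right after it, so the offset is parsed twice. The negative branch replaces the call, and the positive branch should do the same by dropping the first line. The rewritten date parse also drops the `(char *)` cast on `utctime->ptr`; this will likely draw a pointer-signedness warning if `ptr` is an unsigned byte pointer, as the removed line suggests. Every new failure path returns `0`, which a caller cannot tell apart from the epoch, so a comment on asn1totime should state that 0 means "unparseable" and that validity checks must treat it as a rejection. asn1totime starts and ends outside these hunks, so it cannot be confirmed here that the length-delimited chunk is NUL-terminated before sscanf reads it.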