From: Nicolas Thill Date: Sun, 24 May 2015 18:38:44 +0000 (+0200) Subject: ipsec-tools: fix null dereference in racoon X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=d8362b6d049a1e64b5294078e1e069697ff80df5;p=feed%2Fpackages.git ipsec-tools: fix null dereference in racoon * add a patch to fix a null pointer dereference in src/racoon/gssapi.c (CVE-2015-4047) * refresh patches * bumb release number Signed-off-by: Nicolas Thill --- diff --git a/net/ipsec-tools/Makefile b/net/ipsec-tools/Makefile index ae9c83c00d..d758b36237 100644 --- a/net/ipsec-tools/Makefile +++ b/net/ipsec-tools/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2011 OpenWrt.org +# Copyright (C) 2006-2015 OpenWrt.org # 2014 Noah Meyerhans # # This is free software, licensed under the GNU General Public License v2. @@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=ipsec-tools PKG_VERSION:=0.8.2 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_MAINTAINER := "Noah Meyerhans " PKG_LICENSE := BSD-3-Clause diff --git a/net/ipsec-tools/patches/002-patch8-utmp.patch b/net/ipsec-tools/patches/002-patch8-utmp.patch index 16dc9237c9..5475390434 100644 --- a/net/ipsec-tools/patches/002-patch8-utmp.patch +++ b/net/ipsec-tools/patches/002-patch8-utmp.patch @@ -9,7 +9,7 @@ #if defined(__APPLE__) && defined(__MACH__) #include #endif -@@ -1661,7 +1661,8 @@ isakmp_cfg_accounting_system(port, raddr +@@ -1664,7 +1664,8 @@ isakmp_cfg_accounting_system(port, raddr int inout; { int error = 0; @@ -19,7 +19,7 @@ char addr[NI_MAXHOST]; if (usr == NULL || usr[0]=='\0') { -@@ -1670,34 +1671,37 @@ isakmp_cfg_accounting_system(port, raddr +@@ -1673,34 +1674,37 @@ isakmp_cfg_accounting_system(port, raddr return -1; } diff --git a/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch b/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch index 443d38d5e3..7174300da0 100644 --- a/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch +++ b/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch @@ -1,6 +1,6 @@ --- a/src/racoon/ipsec_doi.c +++ b/src/racoon/ipsec_doi.c -@@ -3582,8 +3582,8 @@ ipsecdoi_checkid1(iph1) +@@ -3581,8 +3581,8 @@ ipsecdoi_checkid1(iph1) iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_PSKEY) { if (id_b->type != IPSECDOI_ID_IPV4_ADDR && id_b->type != IPSECDOI_ID_IPV6_ADDR) { diff --git a/net/ipsec-tools/patches/007-force_have_policy_fwd.patch b/net/ipsec-tools/patches/007-force_have_policy_fwd.patch new file mode 100644 index 0000000000..69cd1c039d --- /dev/null +++ b/net/ipsec-tools/patches/007-force_have_policy_fwd.patch @@ -0,0 +1,12 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -732,7 +732,8 @@ case $host in + ], + [AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], +- [AC_MSG_RESULT(no)]) ++ [AC_MSG_RESULT(forced) ++ AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])]) + ;; + *) + AC_MSG_RESULT(no) diff --git a/net/ipsec-tools/patches/008-racoon-fix_dereference_crash.patch b/net/ipsec-tools/patches/008-racoon-fix_dereference_crash.patch new file mode 100644 index 0000000000..5e3a2d4dda --- /dev/null +++ b/net/ipsec-tools/patches/008-racoon-fix_dereference_crash.patch @@ -0,0 +1,16 @@ +Fix null dereference in racoon/gssapi.c (CVE-2015-4047) + +--- a/src/racoon/gssapi.c ++++ b/src/racoon/gssapi.c +@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1) + gss_name_t princ, canon_princ; + OM_uint32 maj_stat, min_stat; + ++ if (iph1->rmconf == NULL) { ++ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n"); ++ return -1; ++ } ++ + gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state)); + if (gps == NULL) { + plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n"); diff --git a/net/ipsec-tools/patches/force_HAVE_POLICY_FWD b/net/ipsec-tools/patches/force_HAVE_POLICY_FWD deleted file mode 100644 index 24e64458ba..0000000000 --- a/net/ipsec-tools/patches/force_HAVE_POLICY_FWD +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 8506245..eca8895 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -724,7 +724,8 @@ case $host in - ], - [AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], -- [AC_MSG_RESULT(no)]) -+ [AC_MSG_RESULT(forced) -+ AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])]) - ;; - *) - AC_MSG_RESULT(no)