path: root/main/strongswan/0401-printf-hook-builtin-Fix-invalid-memory-access.patch
authorTimo Teräs <timo.teras@iki.fi>2015-07-28 11:33:38 +0300
committerTimo Teräs <timo.teras@iki.fi>2015-07-28 11:35:47 +0300
commitfc1ceeb02b3e149645205e67bcc009e742140590 (patch)
treeb559837b40485a7c0f77ce6459c03f131191283d /main/strongswan/0401-printf-hook-builtin-Fix-invalid-memory-access.patch
parentc3aa1460dbeb4e1e10972fc00314d7a80413707e (diff)
main/strongswan: cherry-pick upstream fixes
also fixes a minor memory leak in patch 1001 (the offending hunk is now just deleted, as other upstream commits fixed the issue it tried to address)
Diffstat (limited to 'main/strongswan/0401-printf-hook-builtin-Fix-invalid-memory-access.patch')
-rw-r--r--main/strongswan/0401-printf-hook-builtin-Fix-invalid-memory-access.patch68
1 files changed, 68 insertions, 0 deletions
diff --git a/main/strongswan/0401-printf-hook-builtin-Fix-invalid-memory-access.patch b/main/strongswan/0401-printf-hook-builtin-Fix-invalid-memory-access.patch
new file mode 100644
index 0000000000..630151b406
--- /dev/null
+++ b/main/strongswan/0401-printf-hook-builtin-Fix-invalid-memory-access.patch
@@ -0,0 +1,68 @@
+From 944e99d57243fb42ccb2be475c8386a0c4c116f4 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Mon, 27 Jul 2015 11:18:53 +0200
+Subject: [PATCH] printf-hook-builtin: Fix invalid memory access
+
+When precision is given for a string, we must not run unbounded
+strlen() as it will read beyond the given length. It might even cause
+a crash if the given pointer is near end of heap or mapping.
+
+Fixes numerous valgrind errors such as:
+
+==19215== Invalid read of size 1
+==19215== at 0x52D36C6: builtin_vsnprintf (printf_hook_builtin.c:853)
+==19215== by 0x52D40A8: builtin_snprintf (printf_hook_builtin.c:1084)
+==19215== by 0x52CE464: dntoa (identification.c:337)
+==19215== by 0x52CE464: identification_printf_hook (identification.c:837)
+==19215== by 0x52D3DAA: builtin_vsnprintf (printf_hook_builtin.c:1010)
+==19215== by 0x57040EB: vlog (bus.c:388)
+==19215== by 0x570427D: log_ (bus.c:430)
+==19215== by 0xA8445D3: load_x509_ca (stroke_cred.c:416)
+==19215== by 0xA8445D3: load_certdir (stroke_cred.c:537)
+==19215== by 0xA846A95: load_certs (stroke_cred.c:1353)
+==19215== by 0xA846A95: stroke_cred_create (stroke_cred.c:1475)
+==19215== by 0xA84073E: stroke_socket_create (stroke_socket.c:782)
+==19215== by 0xA83F27C: register_stroke (stroke_plugin.c:53)
+==19215== by 0x52C3125: load_feature (plugin_loader.c:716)
+==19215== by 0x52C3125: load_provided (plugin_loader.c:778)
+==19215== by 0x52C3A20: load_features (plugin_loader.c:799)
+==19215== by 0x52C3A20: load_plugins (plugin_loader.c:1159)
+==19215== Address 0x50cdb42 is 0 bytes after a block of size 2 alloc'd
+==19215== at 0x4C919FE: malloc (vg_replace_malloc.c:296)
+==19215== by 0x52CD198: chunk_printable (chunk.c:759)
+==19215== by 0x52CE442: dntoa (identification.c:334)
+==19215== by 0x52CE442: identification_printf_hook (identification.c:837)
+==19215== by 0x52D3DAA: builtin_vsnprintf (printf_hook_builtin.c:1010)
+==19215== by 0x57040EB: vlog (bus.c:388)
+==19215== by 0x570427D: log_ (bus.c:430)
+==19215== by 0xA8445D3: load_x509_ca (stroke_cred.c:416)
+==19215== by 0xA8445D3: load_certdir (stroke_cred.c:537)
+==19215== by 0xA846A95: load_certs (stroke_cred.c:1353)
+==19215== by 0xA846A95: stroke_cred_create (stroke_cred.c:1475)
+==19215== by 0xA84073E: stroke_socket_create (stroke_socket.c:782)
+==19215== by 0xA83F27C: register_stroke (stroke_plugin.c:53)
+==19215== by 0x52C3125: load_feature (plugin_loader.c:716)
+==19215== by 0x52C3125: load_provided (plugin_loader.c:778)
+==19215== by 0x52C3A20: load_features (plugin_loader.c:799)
+==19215== by 0x52C3A20: load_plugins (plugin_loader.c:1159)
+---
+ src/libstrongswan/utils/printf_hook/printf_hook_builtin.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c
+index 466c673..af54940 100644
+--- a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c
++++ b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c
+@@ -843,7 +843,8 @@ int builtin_vsnprintf(char *buffer, size_t n, const char *format, va_list ap)
+ /* String */
+ sarg = va_arg(ap, const char *);
+ sarg = sarg ? sarg : "(null)";
+- slen = strlen(sarg);
++ slen = prec != -1 ? strnlen(sarg, prec)
++ : strlen(sarg);
+ goto is_string;
+ }
+ case 'm':
+--
+2.4.6
+
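Review bot: The new guard `slen = prec != -1 ? strnlen(sarg, prec) : strlen(sarg);` keys only on the -1 sentinel; if `prec` is a signed int that can carry any other negative value (for instance a `.*` precision supplied as a negative argument, which ISO C printf treats as "no precision given"), that value converts to a huge `size_t` and `strnlen` degenerates into exactly the unbounded read this commit is fixing. A sign test is the safer form: `slen = prec >= 0 ? strnlen(sarg, (size_t)prec) : strlen(sarg);`. Whether `prec` can actually take such values depends on the precision parsing earlier in `builtin_vsnprintf`, which lies outside this hunk. Separately, `strnlen` is POSIX.1-2008/GNU rather than ISO C, and this builtin hook exists precisely for platforms without a native printf hook, so it is worth confirming a fallback declaration is available wherever this file is built.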