From a4e92d627f1b09c04531c883313a2d4a61fad83d Mon Sep 17 00:00:00 2001
From: Leonardo Arena <rnalrd@alpinelinux.org>
Date: Mon, 23 Oct 2017 14:37:04 +0000
Subject: main/strongswan: security fix (CVE-2017-11185)

fixes #7906
---
 main/strongswan/APKBUILD             |  8 +++++-
 main/strongswan/CVE-2017-11185.patch | 50 ++++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 main/strongswan/CVE-2017-11185.patch

diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index 584e5c9723..f84e7948b9 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=strongswan
 pkgver=5.3.5
 _pkgver=${pkgver//_rc/rc}
-pkgrel=3
+pkgrel=4
 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
 url="http://www.strongswan.org/"
 arch="all"
@@ -25,6 +25,7 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
 	2001-support-gre-key-in-ikev1.patch
 	CVE-2017-9022.patch
 	CVE-2017-9023.patch
+	CVE-2017-11185.patch
 
 	strongswan.initd
 	charon.initd"
@@ -32,6 +33,8 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
 _builddir="$srcdir/$pkgname-$_pkgver"
 
 # secfixes:
+#   5.3.5-r4:
+#     - CVE-2017-11185
 #   5.3.5-r2:
 #     - CVE-2017-9022
 #     - CVE-2017-9023
@@ -129,6 +132,7 @@ md5sums="a2f9ea185f27e7f8413d4cd2ee61efe4  strongswan-5.3.5.tar.bz2
 ccb77ee342e1b3108a49262549bbbf36  2001-support-gre-key-in-ikev1.patch
 e86511ed5f224224cc479d34d7690f51  CVE-2017-9022.patch
 54049b04a17893f0042509b1f5751bfe  CVE-2017-9023.patch
+5676d26b3fb36a2529b5b53e1f2a992a  CVE-2017-11185.patch
 72a956819c451931d3d31a528a0d1b9c  strongswan.initd
 a7993f28e4eacc61f51722044645587e  charon.initd"
 sha256sums="2c84b663da652b1ff180a1a73c24a3d7b9fc4b9b8ba6bd07f94a1e33092e6350  strongswan-5.3.5.tar.bz2
@@ -140,6 +144,7 @@ sha256sums="2c84b663da652b1ff180a1a73c24a3d7b9fc4b9b8ba6bd07f94a1e33092e6350  st
 bbdbc73ba6cafaaab1ea303eec6d026ebb50ecd12b7c32be0b4dfeaf8ae24245  2001-support-gre-key-in-ikev1.patch
 f5ba7f46cf7ae81dd81bc86f9e4cfa0c5c7c6987149b3bc9c0b8bf08598a1063  CVE-2017-9022.patch
 03db8c7a4133e877e8992e155c046dd27ec4810d50f239abf55595f0280caf31  CVE-2017-9023.patch
+c80e02c9a5eeaf10f0a8bdde3be6375dd2833e515af03dad3a700e93c4fd041a  CVE-2017-11185.patch
 fdb781fa59700ca83b9fd2f2ff0b9c45467448ebd82da96286b3e2aa477ef7f4  strongswan.initd
 7bcc57e4a778f87645c6b9d76ba2c04e1c11c326bc9a4968561788711c7fe58a  charon.initd"
 sha512sums="4e6dd124d9a73ad5baf08998a284aba5c02c9dc79e4377e2cbd14c285d1df8e29c0548d347a0fdfa19341b1ae27b560ae9d8d25260898630351230b11c6eb2bb  strongswan-5.3.5.tar.bz2
@@ -151,5 +156,6 @@ dd6d8bad4de89d77d92c93c890935880eaa55dc056eac92100fe034c1c045e0771995db58f9787a9
 0e554a6117f51a564a1b269c9ed2f2858d22ef61df483e2eb09997a3075444deb10df9d0cc8b9ddbe2bb2f740640860c21b1492a9ec28657844fa9c41b822bfc  2001-support-gre-key-in-ikev1.patch
 667bbce53de819ac1c885d451b821520d70384d9c4d6d437c6bac571b9e5ab0a74344249aa967f625f4665bcd3d9d2cb62b465838d68aea2dae5e4f52e3e64fd  CVE-2017-9022.patch
 44bc2802bf5bf093e3ea17fedc7b50d3ee3d7bf22c097b02a368c9ddf9772e2c13efe72c8b41ff173d2ef4c80cd1981a3db892c5cb2f05ccac627b294cde3e3d  CVE-2017-9023.patch
+276bcbd0cd3c550ddd4b3f5dfbcb490bb1e50ec8ed97789944409e3c05232903b99332c653cec9c9cf46eab445fd67113d1babef32156b1a5c77a68d2b83260b  CVE-2017-11185.patch
 8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9  strongswan.initd
 1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1  charon.initd"
diff --git a/main/strongswan/CVE-2017-11185.patch b/main/strongswan/CVE-2017-11185.patch
new file mode 100644
index 0000000000..f062fdd8f0
--- /dev/null
+++ b/main/strongswan/CVE-2017-11185.patch
@@ -0,0 +1,50 @@
+From ed282e9a463c068146c945984fdea7828e663861 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Mon, 29 May 2017 11:59:34 +0200
+Subject: [PATCH] gmp: Fix RSA signature verification for m >= n
+
+By definition, m must be <= n-1, we didn't enforce that and because
+mpz_export() returns NULL if the passed value is zero a crash could have
+been triggered with m == n.
+
+Fixes CVE-2017-11185.
+---
+ src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+index 32a72ac9600b..a741f85d4f62 100644
+--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
++++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+@@ -78,11 +78,17 @@ static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data)
+ 	mpz_t m, c;
+ 	chunk_t encrypted;
+ 
+-	mpz_init(c);
+ 	mpz_init(m);
+-
+ 	mpz_import(m, data.len, 1, 1, 1, 0, data.ptr);
+ 
++	if (mpz_cmp_ui(m, 0) <= 0 || mpz_cmp(m, this->n) >= 0)
++	{	/* m must be <= n-1, but 0 is a valid value, doesn't really make sense
++		 * here, though */
++		mpz_clear(m);
++		return chunk_empty;
++	}
++
++	mpz_init(c);
+ 	mpz_powm(c, m, this->e, this->n);
+ 
+ 	encrypted.len = this->k;
+@@ -150,7 +156,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
+ 	 */
+ 
+ 	/* check magic bytes */
+-	if (*(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)
++	if (em.len < 2 || *(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)
+ 	{
+ 		goto end;
+ 	}
+-- 
+2.7.4
+
-- 
cgit v1.2.3