diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2013-05-17 09:40:13 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-05-17 09:40:13 +0000 |
| commit | ca6f0ad926d2fabed66a049927cea2eb176581da (patch) | |
| tree | f8628a402e4a6f4f81be2b2963724e80c4a92e67 /main/openswan/openswan-libreswan-backport-949437-do_3des.patch | |
| parent | 8b2da88e8e533e78dfec86f9d1ed4e5cadfa4ca8 (diff) | |
| download | aports-ca6f0ad926d2fabed66a049927cea2eb176581da.tar.bz2 aports-ca6f0ad926d2fabed66a049927cea2eb176581da.tar.xz | |
main/openswan: securiy fix remote buffer overflow in atodn() (CVE-2013-2053)
patches are from http://libreswan.org/security/CVE-2013-2053/
fixes #1895
Diffstat (limited to 'main/openswan/openswan-libreswan-backport-949437-do_3des.patch')
| -rw-r--r-- | main/openswan/openswan-libreswan-backport-949437-do_3des.patch | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/main/openswan/openswan-libreswan-backport-949437-do_3des.patch b/main/openswan/openswan-libreswan-backport-949437-do_3des.patch new file mode 100644 index 000000000..75dbe3b63 --- /dev/null +++ b/main/openswan/openswan-libreswan-backport-949437-do_3des.patch @@ -0,0 +1,61 @@ +From acdd65497d164082e0462b3f2d4407f0c50ccf71 Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Wed, 10 Apr 2013 10:32:52 +0200 +Subject: [PATCH 06/10] do_3des: Abort on failure + +The routine cannot signal encryption failures to the caller +and would leave the buffer unencrypted on error. +--- + lib/libopenswan/pem.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/lib/libopenswan/pem.c b/lib/libopenswan/pem.c +index 36da401..d42655a 100644 +--- a/lib/libopenswan/pem.c ++++ b/lib/libopenswan/pem.c +@@ -483,7 +483,7 @@ void do_3des_nss(u_int8_t *buf, size_t buf_len + memcpy(&symkey, key, key_size); + if (symkey == NULL) { + loglog(RC_LOG_SERIOUS, "do_3des: NSS derived enc key is NULL \n"); +- goto out; ++ abort(); + } + + ivitem.type = siBuffer; +@@ -493,7 +493,7 @@ void do_3des_nss(u_int8_t *buf, size_t buf_len + secparam = PK11_ParamFromIV(ciphermech, &ivitem); + if (secparam == NULL) { + loglog(RC_LOG_SERIOUS, "do_3des: Failure to set up PKCS11 param (err %d)\n",PR_GetError()); +- goto out; ++ abort(); + } + + outlen = 0; +@@ -505,8 +505,15 @@ void do_3des_nss(u_int8_t *buf, size_t buf_len + } + + enccontext = PK11_CreateContextBySymKey(ciphermech, enc? CKA_ENCRYPT: CKA_DECRYPT, symkey, secparam); ++ if (enccontext == NULL) { ++ loglog(RC_LOG_SERIOUS, "do_3des: PKCS11 context creation failure (err %d)\n", PR_GetError()); ++ abort(); ++ } + rv = PK11_CipherOp(enccontext, tmp_buf, &outlen, buf_len, buf, buf_len); +- passert(rv==SECSuccess); ++ if (rv != SECSuccess) { ++ loglog(RC_LOG_SERIOUS, "do_3des: PKCS11 operation failure (err %d)\n", PR_GetError()); ++ abort(); ++ } + + if(enc) { + memcpy(new_iv, (char*) tmp_buf + buf_len-DES_CBC_BLOCK_SIZE, DES_CBC_BLOCK_SIZE); +@@ -518,7 +525,6 @@ void do_3des_nss(u_int8_t *buf, size_t buf_len + PR_Free(tmp_buf); + PR_Free(new_iv); + +-out: + if (secparam) { + SECITEM_FreeItem(secparam, PR_TRUE); + } +-- +1.8.1.4 + |