vyos-strongswan.git/src/libstrongswan/credentials/sets, branch 1.3.3 (mirror of https://github.com/vyos/vyos-strongswan.git)
https://git.amelek.net/vyos/vyos-strongswan.git/atom?h=1.3.32021-11-24T15:17:39+00:00cert-cache: Prevent crash due to integer overflow/sign change2021-11-24T15:17:39+00:00Tobias Brunnertobias@strongswan.org2021-09-28T17:38:22+00:00urn:sha1:7d5961bab37fe964170fc020b24e6e71bf25cc19
random() allocates values in the range [0, RAND_MAX], with RAND_MAX usually
equaling INT_MAX = 2^31-1. Previously, values between 0 and 31 were added
directly to that offset before applying`% CACHE_SIZE` to get an index into
the cache array. If the random value was very high, this resulted in an
integer overflow and a negative index value and, therefore, an out-of-bounds
access of the array and in turn dereferencing invalid pointers when trying
to acquire the read lock. This most likely results in a segmentation fault.
Fixes: 764e8b2211ce ("reimplemented certificate cache")
Fixes: CVE-2021-41991
Signed-off-by: Daniil Baturin <daniil@vyos.io>
New upstream version 5.6.32018-06-04T07:59:21+00:00Yves-Alexis Perezcorsac@debian.org2018-06-04T07:59:21+00:00urn:sha1:51a71ee15c1bcf0e82f363a16898f571e211f9c3New upstream version 5.6.22018-02-19T17:17:21+00:00Yves-Alexis Perezcorsac@corsac.net2018-02-19T17:17:21+00:00urn:sha1:7793611ee71b576dd9c66dee327349fa64e38740New upstream version 5.6.12017-11-21T09:22:31+00:00Yves-Alexis Perezcorsac@corsac.net2017-11-21T09:22:31+00:00urn:sha1:e1d78dc2faaa06e7c3f71ef674a71e4de2f0758eNew upstream version 5.5.32017-05-30T18:59:31+00:00Yves-Alexis Perezcorsac@corsac.net2017-05-30T18:59:31+00:00urn:sha1:bba25e2ff6c4a193acb54560ea4417537bd2954eNew upstream version 5.5.22017-04-01T14:26:44+00:00Yves-Alexis Perezcorsac@corsac.net2017-04-01T14:26:44+00:00urn:sha1:05ddd767992d68bb38c7f16ece142e8c2e9ae016New upstream version 5.5.12016-10-20T14:18:38+00:00Yves-Alexis Perezcorsac@debian.org2016-10-20T14:18:38+00:00urn:sha1:25663e04c3ab01ef8dc9f906608282319cfea2dbImported Upstream version 5.5.02016-07-16T13:19:53+00:00Yves-Alexis Perezcorsac@debian.org2016-07-16T13:19:53+00:00urn:sha1:bf372706c469764d59e9f29c39e3ecbebd72b8d2Imported Upstream version 5.3.32015-10-22T09:43:58+00:00Yves-Alexis Perezcorsac@debian.org2015-10-22T09:43:58+00:00urn:sha1:5dca9ea0e2931f0e2a056c7964d311bcc30a01b8Imported Upstream version 5.3.02015-04-11T20:03:59+00:00Yves-Alexis Perezcorsac@debian.org2015-04-11T20:03:59+00:00urn:sha1:83b8aebb19fe6e49e13a05d4e8f5ab9a06177642