diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-06-24 18:22:00 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-06-24 18:22:00 +0000 |
| commit | 850aa85bfe6b4dd05eaca28349a8f98f06a2f834 (patch) | |
| tree | 4be964057a4a50b39e4cf1d95a0aed8e687ce43e | |
| parent | f9da74f5b8464405e323bb9b6b8a2aa30a825060 (diff) | |
| download | vyos-strongswan-850aa85bfe6b4dd05eaca28349a8f98f06a2f834.tar.gz vyos-strongswan-850aa85bfe6b4dd05eaca28349a8f98f06a2f834.zip | |
Fix snprintf vulnerability by adding upstream-provided patch.
| -rw-r--r-- | patches/series | 1 | ||||
| -rw-r--r-- | patches/snprintf-fix-4.4.0.patch | 105 |
2 files changed, 106 insertions, 0 deletions
diff --git a/patches/series b/patches/series new file mode 100644 index 000000000..326403814 --- /dev/null +++ b/patches/series @@ -0,0 +1 @@ +snprintf-fix-4.4.0.patch diff --git a/patches/snprintf-fix-4.4.0.patch b/patches/snprintf-fix-4.4.0.patch new file mode 100644 index 000000000..467bd2023 --- /dev/null +++ b/patches/snprintf-fix-4.4.0.patch @@ -0,0 +1,105 @@ +From 96e2f9f3a70a7c918772f7dde57c6cb8befbc60e Mon Sep 17 00:00:00 2001 +From: Martin Willi <martin@revosec.ch> +Date: Fri, 18 Jun 2010 09:18:27 +0200 +Subject: [PATCH] snprintf() fixes, version 4.4.0 + +--- + .../credentials/ietf_attributes/ietf_attributes.c | 13 +++++++++++-- + src/libstrongswan/utils/identification.c | 12 ++++++++++++ + src/pluto/x509.c | 4 ++++ + 3 files changed, 27 insertions(+), 2 deletions(-) + +diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c +index ff3ddeb..de5b85b 100644 +--- a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c ++++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c +@@ -159,7 +159,7 @@ static char* get_string(private_ietf_attributes_t *this) + enumerator = this->list->create_enumerator(this->list); + while (enumerator->enumerate(enumerator, &attr)) + { +- int written = 0; ++ int written; + + if (first) + { +@@ -168,8 +168,12 @@ static char* get_string(private_ietf_attributes_t *this) + else + { + written = snprintf(pos, len, ", "); ++ if (written < 0 || written >= len) ++ { ++ break; ++ } + pos += written; +- len -= written; ++ len -= written; + } + + switch (attr->type) +@@ -194,8 +198,13 @@ static char* get_string(private_ietf_attributes_t *this) + break; + } + default: ++ written = 0; + break; + } ++ if (written < 0 || written >= len) ++ { ++ break; ++ } + pos += written; + len -= written; + } +diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c +index b0da340..cff24d7 100644 +--- a/src/libstrongswan/utils/identification.c ++++ b/src/libstrongswan/utils/identification.c +@@ -297,18 +297,30 @@ static void dntoa(chunk_t dn, char *buf, size_t len) + { + written = snprintf(buf, len,"%s=", oid_names[oid].name); + } ++ if (written < 0 || written >= len) ++ { ++ break; ++ } + buf += written; + len -= written; + + chunk_printable(data, &printable, '?'); + written = snprintf(buf, len, "%.*s", printable.len, printable.ptr); + chunk_free(&printable); ++ if (written < 0 || written >= len) ++ { ++ break; ++ } + buf += written; + len -= written; + + if (data.ptr + data.len != dn.ptr + dn.len) + { + written = snprintf(buf, len, ", "); ++ if (written < 0 || written >= len) ++ { ++ break; ++ } + buf += written; + len -= written; + } +diff --git a/src/pluto/x509.c b/src/pluto/x509.c +index d8e8879..0dcc4fe 100644 +--- a/src/pluto/x509.c ++++ b/src/pluto/x509.c +@@ -393,6 +393,10 @@ void list_x509cert_chain(const char *caption, cert_t* cert, + { + written = snprintf(pos, len, ", %Y", id); + } ++ if (written < 0 || written >= len) ++ { ++ break; ++ } + pos += written; + len -= written; + } +-- +1.7.0.4 + |