summaryrefslogtreecommitdiff
path: root/debian/patches
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2013-10-25 07:15:00 +0200
committerYves-Alexis Perez <corsac@debian.org>2013-10-31 13:54:13 +0100
commitf062a22a7324de6096c775d4ab8941c168bc4c00 (patch)
tree6b6682b3a68bb253adab7b9e4fa8b7c4bc5dd675 /debian/patches
parente57cde5b5d03b838d08da2605bcab68d8aa3b502 (diff)
downloadvyos-strongswan-f062a22a7324de6096c775d4ab8941c168bc4c00.tar.gz
vyos-strongswan-f062a22a7324de6096c775d4ab8941c168bc4c00.zip
add patch for CVE-2013-6075
fixing denial of service and authorization bypass
Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/CVE-2013-6075.patch27
-rw-r--r--debian/patches/series1
2 files changed, 28 insertions, 0 deletions
diff --git a/debian/patches/CVE-2013-6075.patch b/debian/patches/CVE-2013-6075.patch
new file mode 100644
index 000000000..d50616a60
--- /dev/null
+++ b/debian/patches/CVE-2013-6075.patch
@@ -0,0 +1,27 @@
+From aa277adfc204b6bda2c3792710138f9a8723a8f1 Mon Sep 17 00:00:00 2001
+From: Martin Willi <martin@revosec.ch>
+Date: Mon, 7 Oct 2013 14:21:57 +0200
+Subject: [PATCH] identification: Properly check length before comparing for
+ binary DN equality
+
+Fixes CVE-2013-6075.
+---
+ src/libstrongswan/utils/identification.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
+index 5df3e5f..9c43ad5 100644
+--- a/src/libstrongswan/utils/identification.c
++++ b/src/libstrongswan/utils/identification.c
+@@ -602,7 +602,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc)
+ }
+ }
+ /* try a binary compare */
+- if (memeq(t_dn.ptr, o_dn.ptr, t_dn.len))
++ if (chunk_equals(t_dn, o_dn))
+ {
+ return TRUE;
+ }
+--
+1.8.1.2
+
diff --git a/debian/patches/series b/debian/patches/series
index 2cf256b6c..3db0e29a8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
01_fix-manpages.patch
+CVE-2013-6075.patch
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-22 08:07:21 +0000