diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-03-31 10:25:38 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-03-31 10:25:38 +0000 |
| commit | 188bacbfe68aa6cbbaaa6cbd26b334f634f23871 (patch) | |
| tree | 2d2b64b8b8f500424bbfc3c7d145bf0c12e008c1 /debian/patches | |
| parent | a386ee10459fcedea869de933c257a7cccaf7865 (diff) | |
| download | vyos-strongswan-188bacbfe68aa6cbbaaa6cbd26b334f634f23871.tar.gz vyos-strongswan-188bacbfe68aa6cbbaaa6cbd26b334f634f23871.zip | |
- Apply patch from security team.
Diffstat (limited to 'debian/patches')
| -rw-r--r-- | debian/patches/00list | 1 | ||||
| -rw-r--r-- | debian/patches/02-CVE-2009-0790.dpatch | 31 |
2 files changed, 32 insertions, 0 deletions
diff --git a/debian/patches/00list b/debian/patches/00list index e69de29bb..565571969 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -0,0 +1 @@ +02-CVE-2009-0790.dpatch diff --git a/debian/patches/02-CVE-2009-0790.dpatch b/debian/patches/02-CVE-2009-0790.dpatch new file mode 100644 index 000000000..1eef2fe3d --- /dev/null +++ b/debian/patches/02-CVE-2009-0790.dpatch @@ -0,0 +1,31 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +diff -urN strongswan-4.2.13/src/pluto/ipsec_doi.c strongswan-4.2.13-patched/src/pluto/ipsec_doi.c +--- strongswan-4.2.13/src/pluto/ipsec_doi.c 2009-03-21 09:41:49.000000000 +0100 ++++ strongswan-4.2.4/src/pluto/ipsec_doi.c 2009-03-21 09:50:06.000000000 +0100 +@@ -5446,9 +5446,9 @@ + time_t tm = now(); + u_int32_t seqno; + +- if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state)) ++ if (!st || !IS_ISAKMP_SA_ESTABLISHED(st->st_state)) + { +- loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISKAMP SA"); ++ loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISAKMP SA"); + return STF_IGNORE; + } + if (n->isan_spisize != COOKIE_SIZE * 2 || pbs_left(pbs) < COOKIE_SIZE * 2) +@@ -5516,10 +5516,10 @@ + { + u_int32_t seqno; + +- if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state)) ++ if (!st || !IS_ISAKMP_SA_ESTABLISHED(st->st_state)) + { + loglog(RC_LOG_SERIOUS +- , "DPD: Received R_U_THERE_ACK for unestablished ISKAMP SA"); ++ , "DPD: Received R_U_THERE_ACK for unestablished ISAKMP SA"); + return STF_FAIL; + } + |