cert-cache: Prevent crash due to integer overflow/sign change - vyos-strongswan.git - (mirror of https://github.com/vyos/vyos-strongswan.git)

diff options

author	Tobias Brunner <tobias@strongswan.org>	2021-09-28 19:38:22 +0200
committer	Daniil Baturin <daniil@vyos.io>	2021-11-24 10:17:39 -0500
commit	7d5961bab37fe964170fc020b24e6e71bf25cc19 (patch)
tree	714132814e13944d2fcf1acac98cc998015ace96 /ltmain.sh
parent	b22f839a05d88cb35dfa8dfc9fa814e6e8dfe67c (diff)
download	vyos-strongswan-1.3.8.tar.gz vyos-strongswan-1.3.8.zip

cert-cache: Prevent crash due to integer overflow/sign change1.3.8 1.3.7 1.3.6 1.3.5 1.3.4 1.3.3-epa1 1.3.3 1.3.2 equuleus

random() allocates values in the range [0, RAND_MAX], with RAND_MAX usually equaling INT_MAX = 2^31-1. Previously, values between 0 and 31 were added directly to that offset before applying`% CACHE_SIZE` to get an index into the cache array. If the random value was very high, this resulted in an integer overflow and a negative index value and, therefore, an out-of-bounds access of the array and in turn dereferencing invalid pointers when trying to acquire the read lock. This most likely results in a segmentation fault. Fixes: 764e8b2211ce ("reimplemented certificate cache") Fixes: CVE-2021-41991 Signed-off-by: Daniil Baturin <daniil@vyos.io>

Diffstat (limited to 'ltmain.sh')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: