summaryrefslogtreecommitdiff
path: root/testing/tests/ikev2/shunt-policies-nat-rw
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2021-09-28 19:38:22 +0200
committerDaniil Baturin <daniil@vyos.io>2021-11-24 10:17:53 -0500
commitcfdaa88a6a069d98d082fc464cd4b4aa7ff3105d (patch)
tree5fbd6bee4e0460bb5ec8b4071e732d0b3b1abdd2 /testing/tests/ikev2/shunt-policies-nat-rw
parent2d899ce706ccb01dc9e8193aebca297058094391 (diff)
downloadvyos-strongswan-crux.tar.gz
vyos-strongswan-crux.zip
cert-cache: Prevent crash due to integer overflow/sign change1.2.9-S1crux
random() allocates values in the range [0, RAND_MAX], with RAND_MAX usually equaling INT_MAX = 2^31-1. Previously, values between 0 and 31 were added directly to that offset before applying`% CACHE_SIZE` to get an index into the cache array. If the random value was very high, this resulted in an integer overflow and a negative index value and, therefore, an out-of-bounds access of the array and in turn dereferencing invalid pointers when trying to acquire the read lock. This most likely results in a segmentation fault. Fixes: 764e8b2211ce ("reimplemented certificate cache") Fixes: CVE-2021-41991 Signed-off-by: Daniil Baturin <daniil@vyos.io>
Diffstat (limited to 'testing/tests/ikev2/shunt-policies-nat-rw')
0 files changed, 0 insertions, 0 deletions