diff options
| -rw-r--r-- | debian/changelog | 8 | ||||
| -rw-r--r-- | debian/patches/00list | 1 | ||||
| -rw-r--r-- | debian/patches/01-fix-potential-DoS.dpatch | 111 |
3 files changed, 120 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index a49f21c02..a472f9a74 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +strongswan (4.2.4-5) unstable; urgency=high + + Reason for urgency high: this is potentially security relevant. + * Patch backported from 4.2.7 to fix a potential DoS issue. + Thanks to Thomas Kallenberg for the patch. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 29 Sep 2008 10:35:30 +0200 + strongswan (4.2.4-4) unstable; urgency=low * Tweaked configure options for lenny to remove somewhat experimental, diff --git a/debian/patches/00list b/debian/patches/00list index e69de29bb..4dfbe9a18 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -0,0 +1 @@ +01-fix-potential-DoS.dpatch diff --git a/debian/patches/01-fix-potential-DoS.dpatch b/debian/patches/01-fix-potential-DoS.dpatch new file mode 100644 index 000000000..c72e564a0 --- /dev/null +++ b/debian/patches/01-fix-potential-DoS.dpatch @@ -0,0 +1,111 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01-fix-potential-DoS.dpatch by <rene@mayrhofer.eu.org> +## +## All lines beginning with ## DP:' are a description of the patch. +## DP: Fixes a potential DoS issue, backported from 4.2.7. + +@DPATCH@ + +Index: strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +=================================================================== +--- strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c (revision 4317) ++++ strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c (revision 4345) +@@ -94,9 +94,13 @@ + mpz_powm(c, m, this->e, this->n); + +- encrypted.len = this->k; +- encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c); ++ encrypted.len = this->k; ++ encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c); ++ if (encrypted.ptr == NULL) ++ { ++ encrypted.len = 0; ++ } + + mpz_clear(c); +- mpz_clear(m); ++ mpz_clear(m); + + return encrypted; +Index: strongswan/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +=================================================================== +--- strongswan/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c (revision 3806) ++++ strongswan/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c (revision 4345) +@@ -344,5 +344,5 @@ + */ + mpz_t g; +- ++ + /** + * My private value. +@@ -354,5 +354,5 @@ + */ + mpz_t ya; +- ++ + /** + * Other public value. +@@ -374,5 +374,5 @@ + */ + size_t p_len; +- ++ + /** + * True if shared secret is computed and stored in my_public_value. +@@ -441,5 +441,9 @@ + } + value->len = this->p_len; +- value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->yb); ++ value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->yb); ++ if (value->ptr == NULL) ++ { ++ return FAILED; ++ } + return SUCCESS; + } +@@ -452,4 +456,8 @@ + value->len = this->p_len; + value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya); ++ if (value->ptr == NULL) ++ { ++ value->len = 0; ++ } + } + +@@ -464,5 +472,9 @@ + } + secret->len = this->p_len; +- secret->ptr = mpz_export(NULL, NULL, 1, secret->len, 1, 0, this->zz); ++ secret->ptr = mpz_export(NULL, NULL, 1, secret->len, 1, 0, this->zz); ++ if (secret->ptr == NULL) ++ { ++ return FAILED; ++ } + return SUCCESS; + } +Index: strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +=================================================================== +--- strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c (revision 4317) ++++ strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c (revision 4345) +@@ -192,4 +192,8 @@ + decrypted.len = this->k; + decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1); ++ if (decrypted.ptr == NULL) ++ { ++ decrypted.len = 0; ++ } + + mpz_clear_randomized(t1); +Index: strongswan/src/openac/openac.c +=================================================================== +--- strongswan/src/openac/openac.c (revision 4318) ++++ strongswan/src/openac/openac.c (revision 4345) +@@ -104,4 +104,8 @@ + chunk.len = 1 + mpz_sizeinbase(number, 2)/BITS_PER_BYTE; + chunk.ptr = mpz_export(NULL, NULL, 1, chunk.len, 1, 0, number); ++ if (chunk.ptr == NULL) ++ { ++ chunk.len = 0; ++ } + return chunk; + } |