1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
#! /bin/sh /usr/share/dpatch/dpatch-run
## 01-fix-potential-DoS.dpatch by <rene@mayrhofer.eu.org>
##
## All lines beginning with ## DP:' are a description of the patch.
## DP: Fixes a potential DoS issue, backported from 4.2.7.
@DPATCH@
Index: strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
===================================================================
--- strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c (revision 4317)
+++ strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c (revision 4345)
@@ -94,9 +94,13 @@
mpz_powm(c, m, this->e, this->n);
- encrypted.len = this->k;
- encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c);
+ encrypted.len = this->k;
+ encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c);
+ if (encrypted.ptr == NULL)
+ {
+ encrypted.len = 0;
+ }
mpz_clear(c);
- mpz_clear(m);
+ mpz_clear(m);
return encrypted;
Index: strongswan/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
===================================================================
--- strongswan/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c (revision 3806)
+++ strongswan/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c (revision 4345)
@@ -344,5 +344,5 @@
*/
mpz_t g;
-
+
/**
* My private value.
@@ -354,5 +354,5 @@
*/
mpz_t ya;
-
+
/**
* Other public value.
@@ -374,5 +374,5 @@
*/
size_t p_len;
-
+
/**
* True if shared secret is computed and stored in my_public_value.
@@ -441,5 +441,9 @@
}
value->len = this->p_len;
- value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->yb);
+ value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->yb);
+ if (value->ptr == NULL)
+ {
+ return FAILED;
+ }
return SUCCESS;
}
@@ -452,4 +456,8 @@
value->len = this->p_len;
value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya);
+ if (value->ptr == NULL)
+ {
+ value->len = 0;
+ }
}
@@ -464,5 +472,9 @@
}
secret->len = this->p_len;
- secret->ptr = mpz_export(NULL, NULL, 1, secret->len, 1, 0, this->zz);
+ secret->ptr = mpz_export(NULL, NULL, 1, secret->len, 1, 0, this->zz);
+ if (secret->ptr == NULL)
+ {
+ return FAILED;
+ }
return SUCCESS;
}
Index: strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
===================================================================
--- strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c (revision 4317)
+++ strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c (revision 4345)
@@ -192,4 +192,8 @@
decrypted.len = this->k;
decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
+ if (decrypted.ptr == NULL)
+ {
+ decrypted.len = 0;
+ }
mpz_clear_randomized(t1);
Index: strongswan/src/openac/openac.c
===================================================================
--- strongswan/src/openac/openac.c (revision 4318)
+++ strongswan/src/openac/openac.c (revision 4345)
@@ -104,4 +104,8 @@
chunk.len = 1 + mpz_sizeinbase(number, 2)/BITS_PER_BYTE;
chunk.ptr = mpz_export(NULL, NULL, 1, chunk.len, 1, 0, number);
+ if (chunk.ptr == NULL)
+ {
+ chunk.len = 0;
+ }
return chunk;
}
|
