[Pkg-swan-devel] [strongswan] 01/01: Fix crash by null pointer dereference
Yves-Alexis Perez
corsac at moszumanska.debian.org
Mon May 5 13:22:07 UTC 2014
This is an automated email from the git hooks/post-receive script.
corsac pushed a commit to branch squeeze-security
in repository strongswan.
commit f7ed55a3095f5409a31d1084387008e254d0f2ce
Author: Yves-Alexis Perez <corsac at debian.org>
Date: Sat May 3 14:48:45 2014 +0200
Fix crash by null pointer dereference
* Non-maintainer upload by the Security Team.
* debian/patches:
- CVE-2014-2891 added, fix potential null pointer dereference when parsing
ASN.1 data, leading to denial of service (CVE-2014-2891).
---
debian/changelog | 9 +++++++++
debian/patches/CVE-2014-2891.patch | 26 ++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 36 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 4e99bdb..62e4449 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+strongswan (4.4.1-5.6) squeeze-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * debian/patches:
+ - CVE-2014-2891 added, fix potential null pointer dereference when parsing
+ ASN.1 data, leading to denial of service (CVE-2014-2891).
+
+ -- Yves-Alexis Perez <corsac at debian.org> Sat, 03 May 2014 14:48:15 +0200
+
strongswan (4.4.1-5.5) squeeze-security; urgency=high
* Non-maintainer upload by the Security Team.
diff --git a/debian/patches/CVE-2014-2891.patch b/debian/patches/CVE-2014-2891.patch
new file mode 100644
index 0000000..364d1f4
--- /dev/null
+++ b/debian/patches/CVE-2014-2891.patch
@@ -0,0 +1,26 @@
+From 4609d5384c187aef2e58f91f53f5889f25faeaeb Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias at strongswan.org>
+Date: Thu, 24 Apr 2014 17:04:10 +0200
+Subject: [PATCH] asn1: Properly check length in asn1_unwrap()
+
+Fixes CVE-2014-2891 in strongSwan releases 4.3.3-5.1.1.
+---
+ src/libstrongswan/asn1/asn1.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
+index d860ad9..9a5f5c5 100644
+--- a/src/libstrongswan/asn1/asn1.c
++++ b/src/libstrongswan/asn1/asn1.c
+@@ -296,7 +296,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner)
+ else
+ { /* composite length, determine number of length octets */
+ len &= 0x7f;
+- if (len == 0 || len > sizeof(res.len))
++ if (len == 0 || len > blob->len || len > sizeof(res.len))
+ {
+ return ASN1_INVALID;
+ }
+--
+1.7.10.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 2422982..1860b4f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@ debian-changes-4.4.1-5
0001-Check-return-value-of-ECDSA_Verify-correctly.patch
CVE-2013-6075.patch
CVE-2014-2338-4.x.patch
+CVE-2014-2891.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-swan/strongswan.git
More information about the Pkg-swan-devel
mailing list