[Pkg-swan-devel] [strongswan] 01/01: Fix crash by null pointer dereference

Yves-Alexis Perez corsac at moszumanska.debian.org
Mon May 5 13:22:07 UTC 2014 

This is an automated email from the git hooks/post-receive script.

corsac pushed a commit to branch squeeze-security
in repository strongswan.

commit f7ed55a3095f5409a31d1084387008e254d0f2ce
Author: Yves-Alexis Perez <corsac at debian.org>
Date:   Sat May 3 14:48:45 2014 +0200

    Fix crash by null pointer dereference
    
    * Non-maintainer upload by the Security Team.
    * debian/patches:
      - CVE-2014-2891 added, fix potential null pointer dereference when parsing
        ASN.1 data, leading to denial of service (CVE-2014-2891).
---
 debian/changelog                   |  9 +++++++++
 debian/patches/CVE-2014-2891.patch | 26 ++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 36 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 4e99bdb..62e4449 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+strongswan (4.4.1-5.6) squeeze-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * debian/patches:
+    - CVE-2014-2891 added, fix potential null pointer dereference when parsing
+      ASN.1 data, leading to denial of service (CVE-2014-2891).
+
+ -- Yves-Alexis Perez <corsac at debian.org>  Sat, 03 May 2014 14:48:15 +0200
+
 strongswan (4.4.1-5.5) squeeze-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff --git a/debian/patches/CVE-2014-2891.patch b/debian/patches/CVE-2014-2891.patch
new file mode 100644
index 0000000..364d1f4
--- /dev/null
+++ b/debian/patches/CVE-2014-2891.patch
@@ -0,0 +1,26 @@
+From 4609d5384c187aef2e58f91f53f5889f25faeaeb Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias at strongswan.org>
+Date: Thu, 24 Apr 2014 17:04:10 +0200
+Subject: [PATCH] asn1: Properly check length in asn1_unwrap()
+
+Fixes CVE-2014-2891 in strongSwan releases 4.3.3-5.1.1.
+---
+ src/libstrongswan/asn1/asn1.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
+index d860ad9..9a5f5c5 100644
+--- a/src/libstrongswan/asn1/asn1.c
++++ b/src/libstrongswan/asn1/asn1.c
+@@ -296,7 +296,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner)
+ 	else
+ 	{	/* composite length, determine number of length octets */
+ 		len &= 0x7f;
+-		if (len == 0 || len > sizeof(res.len))
++		if (len == 0 || len > blob->len || len > sizeof(res.len))
+ 		{
+ 			return ASN1_INVALID;
+ 		}
+-- 
+1.7.10.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 2422982..1860b4f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@ debian-changes-4.4.1-5
 0001-Check-return-value-of-ECDSA_Verify-correctly.patch
 CVE-2013-6075.patch
 CVE-2014-2338-4.x.patch
+CVE-2014-2891.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-swan/strongswan.git

More information about the Pkg-swan-devel mailing list