[Pkg-swan-devel] [strongswan] 01/01: Fix crash by null pointer dereference

Yves-Alexis Perez corsac at moszumanska.debian.org
Mon May 5 13:22:14 UTC 2014


This is an automated email from the git hooks/post-receive script.

corsac pushed a commit to branch wheezy-security
in repository strongswan.

commit 880b7f8b4767e222d492530bbfb0f2399046472a
Author: Yves-Alexis Perez <corsac at debian.org>
Date:   Sat May 3 15:58:40 2014 +0200

    Fix crash by null pointer dereference
    
    * Non-maintainer upload by the Security Team.
    * debian/patches:
      - CVE-2014-2891 added, fix potential null pointer dereference when parsing
        ASN.1 data, leading to denial of service (CVE-2014-2891).
---
 debian/changelog                   |  9 +++++++++
 debian/patches/CVE-2014-2891.patch | 26 ++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 36 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 66abbab..c6000f8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+strongswan (4.5.2-1.5+deb7u4) wheezy-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * debian/patches:
+    - CVE-2014-2891 added, fix potential null pointer dereference when parsing
+      ASN.1 data, leading to denial of service (CVE-2014-2891).
+
+ -- Yves-Alexis Perez <corsac at debian.org>  Sat, 03 May 2014 15:01:45 +0200
+
 strongswan (4.5.2-1.5+deb7u3) wheezy-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
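Review bot: the new changelog entry at the top of this hunk names the CVE twice ("CVE-2014-2891 added, ... (CVE-2014-2891)") but never says what was actually changed. Suggest naming the patched function or the upstream subject, for example "asn1: Properly check length in asn1_unwrap()", so the entry can be matched to the upstream commit without opening debian/patches.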
diff --git a/debian/patches/CVE-2014-2891.patch b/debian/patches/CVE-2014-2891.patch
new file mode 100644
index 0000000..364d1f4
--- /dev/null
+++ b/debian/patches/CVE-2014-2891.patch
@@ -0,0 +1,26 @@
+From 4609d5384c187aef2e58f91f53f5889f25faeaeb Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias at strongswan.org>
+Date: Thu, 24 Apr 2014 17:04:10 +0200
+Subject: [PATCH] asn1: Properly check length in asn1_unwrap()
+
+Fixes CVE-2014-2891 in strongSwan releases 4.3.3-5.1.1.
+---
+ src/libstrongswan/asn1/asn1.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
+index d860ad9..9a5f5c5 100644
+--- a/src/libstrongswan/asn1/asn1.c
++++ b/src/libstrongswan/asn1/asn1.c
+@@ -296,7 +296,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner)
+ 	else
+ 	{	/* composite length, determine number of length octets */
+ 		len &= 0x7f;
+-		if (len == 0 || len > sizeof(res.len))
++		if (len == 0 || len > blob->len || len > sizeof(res.len))
+ 		{
+ 			return ASN1_INVALID;
+ 		}
+-- 
+1.7.10.4
+
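Review bot: in the asn1_unwrap() change, the added "len > blob->len" test bounds only the number of length octets that follow; the hunk ends at "return ASN1_INVALID" and does not show whether the length value decoded from those octets is afterwards compared with the bytes remaining in blob. Please confirm that this second check is present in the 4.5.2 tree the patch is being applied to. It would also help to add a sentence to the patch description saying how the missing bound leads to the crash, since "Fixes CVE-2014-2891 in strongSwan releases 4.3.3-5.1.1" is the only rationale given.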
diff --git a/debian/patches/series b/debian/patches/series
index 4d5a04b..d9ba358 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ debian-changes-4.5.2-1.1
 0001-Check-return-value-of-ECDSA_Verify-correctly.patch
 CVE-2013-6075.patch
 CVE-2014-2338-4.x.patch
+CVE-2014-2891.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-swan/strongswan.git


