Browse code
Fix for CVE-2018-5388: stroke: Ensure a minimum message length
Change-Id: Ibb5040526c04c84b24dc82c1817a026463a758ee
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5394
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
Ajay Kaher authored on 2018/07/24 05:28:20Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,27 @@ |
| 0 |
+From 0acd1ab4d08d53d80393b1a37b8781f6e7b2b996 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Tobias Brunner <tobias@strongswan.org> |
|
| 2 |
+Date: Tue, 13 Mar 2018 18:54:08 +0100 |
|
| 3 |
+Subject: [PATCH] stroke: Ensure a minimum message length |
|
| 4 |
+ |
|
| 5 |
+--- |
|
| 6 |
+ src/libcharon/plugins/stroke/stroke_socket.c | 5 +++++ |
|
| 7 |
+ 1 file changed, 5 insertions(+) |
|
| 8 |
+ |
|
| 9 |
+diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c |
|
| 10 |
+index c568440..1e7f210 100644 |
|
| 11 |
+--- a/src/libcharon/plugins/stroke/stroke_socket.c |
|
| 12 |
+@@ -627,6 +627,11 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream) |
|
| 13 |
+ } |
|
| 14 |
+ return FALSE; |
|
| 15 |
+ } |
|
| 16 |
++ if (len < offsetof(stroke_msg_t, buffer)) |
|
| 17 |
++ {
|
|
| 18 |
++ DBG1(DBG_CFG, "invalid stroke message length %d", len); |
|
| 19 |
++ return FALSE; |
|
| 20 |
++ } |
|
| 21 |
+ |
|
| 22 |
+ /* read message (we need an additional byte to terminate the buffer) */ |
|
| 23 |
+ msg = malloc(len + 1); |
|
| 24 |
+-- |
|
| 25 |
+1.9.1 |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: The OpenSource IPsec-based VPN Solution |
| 2 | 2 |
Name: strongswan |
| 3 | 3 |
Version: 5.5.2 |
| 4 |
-Release: 3%{?dist}
|
|
| 4 |
+Release: 4%{?dist}
|
|
| 5 | 5 |
License: GPLv2+ |
| 6 | 6 |
URL: https://www.strongswan.org/ |
| 7 | 7 |
Group: System Environment/Security |
| ... | ... |
@@ -12,6 +12,7 @@ Source0: https://download.strongswan.org/%{name}-%{version}.tar.bz2
|
| 12 | 12 |
Patch0: CVE-2017-9022.patch |
| 13 | 13 |
Patch1: CVE-2017-9023.patch |
| 14 | 14 |
Patch2: CVE-2017-11185.patch |
| 15 |
+Patch3: CVE-2018-5388.patch |
|
| 15 | 16 |
|
| 16 | 17 |
BuildRequires: autoconf |
| 17 | 18 |
|
| ... | ... |
@@ -23,6 +24,7 @@ strongSwan is a complete IPsec implementation for Linux 2.6, 3.x, and 4.x kernel |
| 23 | 23 |
%patch0 -p1 |
| 24 | 24 |
%patch1 -p1 |
| 25 | 25 |
%patch2 -p1 |
| 26 |
+%patch3 -p1 |
|
| 26 | 27 |
|
| 27 | 28 |
%build |
| 28 | 29 |
./configure --prefix=%{_prefix} --sysconfdir=%{_sysconfdir}
|
| ... | ... |
@@ -52,6 +54,8 @@ rm -rf %{buildroot}/*
|
| 52 | 52 |
%{_datadir}/strongswan/*
|
| 53 | 53 |
|
| 54 | 54 |
%changelog |
| 55 |
+* Mon Jul 23 2018 Ajay Kaher <akaher@vmware.com> 5.5.2-4 |
|
| 56 |
+- Fix CVE-2018-5388 |
|
| 55 | 57 |
* Tue Oct 10 2017 Dheeraj Shetty <dheerajs@vmware.com> 5.5.2-3 |
| 56 | 58 |
- Fix CVE-2017-11185 CVE-2017-9022 and CVE-2017-9023 |
| 57 | 59 |
* Thu Aug 24 2017 Alexey Makhalov <amakhalov@vmware.com> 5.5.2-2 |