Applied patch for CVE-2018-10811.
Change-Id: I57b288e7b75e705072043aab96e27bcf88ea5369
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5496
Reviewed-by: Sharath George
Tested-by: Sharath George
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,38 @@ |
| 0 |
+From b450318c15496f89e7c93392c9b5d2c6045c7de9 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Tobias Brunner <tobias@strongswan.org> |
|
| 2 |
+Date: Mon, 19 Mar 2018 17:03:05 +0100 |
|
| 3 |
+Subject: [PATCH] ikev2: Initialize variable in case set_key() or |
|
| 4 |
+ allocate_bytes() fails |
|
| 5 |
+ |
|
| 6 |
+In case the PRF's set_key() or allocate_bytes() method failed, skeyseed |
|
| 7 |
+was not initialized and the chunk_clear() call later caused a crash. |
|
| 8 |
+ |
|
| 9 |
+This could have happened with OpenSSL in FIPS mode when MD5 was |
|
| 10 |
+negotiated (and test vectors were not checked, in which case the PRF |
|
| 11 |
+couldn't be instantiated as the test vectors would have failed). |
|
| 12 |
+MD5 is not included in the default proposal anymore since 5.6.1, so |
|
| 13 |
+with recent versions this could only happen with configs that are not |
|
| 14 |
+valid in FIPS mode anyway. |
|
| 15 |
+ |
|
| 16 |
+Fixes: CVE-2018-10811 |
|
| 17 |
+--- |
|
| 18 |
+ src/libcharon/sa/ikev2/keymat_v2.c | 4 ++-- |
|
| 19 |
+ 1 file changed, 2 insertions(+), 2 deletions(-) |
|
| 20 |
+ |
|
| 21 |
+diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c |
|
| 22 |
+index 0c41c68d0118..8b20d1ce986f 100644 |
|
| 23 |
+--- a/src/libcharon/sa/ikev2/keymat_v2.c |
|
| 24 |
+@@ -303,8 +303,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, |
|
| 25 |
+ chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, |
|
| 26 |
+ pseudo_random_function_t rekey_function, chunk_t rekey_skd) |
|
| 27 |
+ {
|
|
| 28 |
+- chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed; |
|
| 29 |
+- chunk_t spi_i, spi_r; |
|
| 30 |
++ chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce; |
|
| 31 |
++ chunk_t prf_plus_seed, spi_i, spi_r; |
|
| 32 |
+ prf_plus_t *prf_plus = NULL; |
|
| 33 |
+ uint16_t alg, key_size, int_alg; |
|
| 34 |
+ prf_t *rekey_prf = NULL; |
|
| 35 |
+-- |
|
| 36 |
+2.7.4 |
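Review bot: Only `skeyseed` gets an initial value in the new declaration `chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce;`, while `key`, `secret`, `full_nonce`, `fixed_nonce` and `prf_plus_seed` stay uninitialized. The body of derive_ike_keys lies outside this hunk, so it cannot be confirmed from here that no early-exit path clears or frees one of those chunks before it is assigned; check this against the 5.5.2 source the backport applies to, which may differ from the upstream tree the fix was written for. The upstream message says MD5 left the default proposal only in 5.6.1, so on this 5.5.2 package the MD5-negotiation precondition is presumably still met by default proposals when OpenSSL runs in FIPS mode, and the "only invalid configs" caveat should not be read as applying here. As rendered, the embedded diff shows `--- a/src/libcharon/sa/ikev2/keymat_v2.c` with no matching `+++ b/...` line although the hunk header counts 38 lines; confirm the committed file is intact so that `%patch4 -p1` applies cleanly.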
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: The OpenSource IPsec-based VPN Solution |
| 2 | 2 |
Name: strongswan |
| 3 | 3 |
Version: 5.5.2 |
| 4 |
-Release: 4%{?dist}
|
|
| 4 |
+Release: 5%{?dist}
|
|
| 5 | 5 |
License: GPLv2+ |
| 6 | 6 |
URL: https://www.strongswan.org/ |
| 7 | 7 |
Group: System Environment/Security |
| ... | ... |
@@ -13,6 +13,7 @@ Patch0: CVE-2017-9022.patch |
| 13 | 13 |
Patch1: CVE-2017-9023.patch |
| 14 | 14 |
Patch2: CVE-2017-11185.patch |
| 15 | 15 |
Patch3: CVE-2018-5388.patch |
| 16 |
+Patch4: CVE-2018-10811.patch |
|
| 16 | 17 |
BuildRequires: autoconf |
| 17 | 18 |
|
| 18 | 19 |
%description |
| ... | ... |
@@ -24,6 +25,7 @@ strongSwan is a complete IPsec implementation for Linux 2.6, 3.x, and 4.x kernel |
| 24 | 24 |
%patch1 -p1 |
| 25 | 25 |
%patch2 -p1 |
| 26 | 26 |
%patch3 -p1 |
| 27 |
+%patch4 -p1 |
|
| 27 | 28 |
|
| 28 | 29 |
%build |
| 29 | 30 |
./configure --prefix=%{_prefix} --sysconfdir=%{_sysconfdir}
|
| ... | ... |
@@ -53,6 +55,8 @@ rm -rf %{buildroot}/*
|
| 53 | 53 |
%{_datadir}/strongswan/*
|
| 54 | 54 |
|
| 55 | 55 |
%changelog |
| 56 |
+* Thu Aug 16 2018 Tapas Kundu <tkundu@vmware.com> 5.5.2-5 |
|
| 57 |
+- Fix for CVE-2018-10811 |
|
| 56 | 58 |
* Mon Jul 16 2018 Ajay Kaher <akaher@vmware.com> 5.5.2-4 |
| 57 | 59 |
- Fix CVE-2018-5388 |
| 58 | 60 |
* Tue Oct 10 2017 Dheeraj Shetty <dheerajs@vmware.com> 5.5.2-3 |