Browse code
Fix for CVE-2018-5388: stroke: Ensure a minimum message length
Change-Id: If4434ccedd22eae3bc47b0fad906669c9e0ab80c
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5349
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Srinidhi Rao <srinidhir@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
Ajay Kaher authored on 2018/07/13 02:51:20Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,27 @@ |
| 0 |
+From 0acd1ab4d08d53d80393b1a37b8781f6e7b2b996 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Tobias Brunner <tobias@strongswan.org> |
|
| 2 |
+Date: Tue, 13 Mar 2018 18:54:08 +0100 |
|
| 3 |
+Subject: [PATCH] stroke: Ensure a minimum message length |
|
| 4 |
+ |
|
| 5 |
+--- |
|
| 6 |
+ src/libcharon/plugins/stroke/stroke_socket.c | 5 +++++ |
|
| 7 |
+ 1 file changed, 5 insertions(+) |
|
| 8 |
+ |
|
| 9 |
+diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c |
|
| 10 |
+index c568440..1e7f210 100644 |
|
| 11 |
+--- a/src/libcharon/plugins/stroke/stroke_socket.c |
|
| 12 |
+@@ -627,6 +627,11 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream) |
|
| 13 |
+ } |
|
| 14 |
+ return FALSE; |
|
| 15 |
+ } |
|
| 16 |
++ if (len < offsetof(stroke_msg_t, buffer)) |
|
| 17 |
++ {
|
|
| 18 |
++ DBG1(DBG_CFG, "invalid stroke message length %d", len); |
|
| 19 |
++ return FALSE; |
|
| 20 |
++ } |
|
| 21 |
+ |
|
| 22 |
+ /* read message (we need an additional byte to terminate the buffer) */ |
|
| 23 |
+ msg = malloc(len + 1); |
|
| 24 |
+-- |
|
| 25 |
+1.9.1 |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: The OpenSource IPsec-based VPN Solution |
| 2 | 2 |
Name: strongswan |
| 3 | 3 |
Version: 5.5.2 |
| 4 |
-Release: 1%{?dist}
|
|
| 4 |
+Release: 2%{?dist}
|
|
| 5 | 5 |
License: GPLv2+ |
| 6 | 6 |
URL: https://www.strongswan.org/ |
| 7 | 7 |
Group: System Environment/Security |
| ... | ... |
@@ -12,6 +12,7 @@ Source0: https://download.strongswan.org/%{name}-%{version}.tar.bz2
|
| 12 | 12 |
Patch0: strongswan-CVE-2017-11185.patch |
| 13 | 13 |
Patch1: strongswan-CVE-2017-9022.patch |
| 14 | 14 |
Patch2: strongswan-CVE-2017-9023.patch |
| 15 |
+Patch3: strongswan-CVE-2018-5388.patch |
|
| 15 | 16 |
BuildRequires: autoconf |
| 16 | 17 |
|
| 17 | 18 |
%description |
| ... | ... |
@@ -22,6 +23,7 @@ strongSwan is a complete IPsec implementation for Linux 2.6, 3.x, and 4.x kernel |
| 22 | 22 |
%patch0 -p1 |
| 23 | 23 |
%patch1 -p1 |
| 24 | 24 |
%patch2 -p1 |
| 25 |
+%patch3 -p1 |
|
| 25 | 26 |
|
| 26 | 27 |
%build |
| 27 | 28 |
./configure --prefix=%{_prefix} --sysconfdir=%{_sysconfdir}
|
| ... | ... |
@@ -54,6 +56,8 @@ rm -rf %{buildroot}/*
|
| 54 | 54 |
|
| 55 | 55 |
|
| 56 | 56 |
%changelog |
| 57 |
+* Wed Jul 11 2018 Ajay Kaher <akaher@vmware.com> 5.5.2-2 |
|
| 58 |
+- Fix CVE-2018-5388 |
|
| 57 | 59 |
* Wed Apr 18 2018 Xiaolin Li <xiaolinl@vmware.com> 5.5.2-1 |
| 58 | 60 |
- Update to version 5.5.2 and apply patches for CVE-2017-9022 and CVE-2017-9023 |
| 59 | 61 |
* Thu Oct 19 2017 Xiaolin Li <xiaolinl@vmware.com> 5.5.1-2 |