[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Thu Apr 25 20:45:30 EEST 2013


New commits:
commit ebf7d7d75d94269cd3d852bb5e4a3bb7448fead0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 25 13:40:12 2013 -0400

    * updated changes

commit 2cd9002ceee7602c1a51061ee9c50bd7e76781e3
Author: Florian Weimer <fweimer at redhat.com>
Date:   Thu Apr 25 13:37:34 2013 -0400

    * security: fetch_curl: Set timeout for the entire request
    
    Otherwise a stuck connection could effectively disable CRL fetching.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>
    
    This is due to the CRL fetching not using proper helper threads like
    the crypto/dns threads. This only affects a broken CRL URI point
    as taken from the CA certificate.

commit 34e669419f7b130ddeedf2c3559f75f98f73f316
Author: Florian Weimer <fweimer at redhat.com>
Date:   Thu Apr 25 13:34:43 2013 -0400

    * security: do_aes: Abort on failure
    
    The routine cannot signal encryption failures to the caller
    and would leave the buffer unencrypted on error.

commit 30da4deb7f01ce260f5905a7d6032225c1998fd1
Author: Florian Weimer <fweimer at redhat.com>
Date:   Thu Apr 25 13:34:14 2013 -0400

    * security: do_3des: Abort on failure
    
    The routine cannot signal encryption failures to the caller
    and would leave the buffer unencrypted on error.

commit a0d451dd055cc30014d67f7ee563dfdb9791c23f
Author: Florian Weimer <fweimer at redhat.com>
Date:   Thu Apr 25 13:31:07 2013 -0400

    * security: Check that origin of netlink message is the kernel [Florian]
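The check this commit describes, as an added example (not libreswan's own code): a datagram read from a netlink socket carries a sender address, and only the kernel sends from port id 0. Any user-space process that can reach the socket sends with a non-zero nl_pid, so its datagrams must not be processed as kernel SA/policy events. The wrapper `netlink_recv_from_kernel` and the non-Linux fallback definitions are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#ifdef __linux__
#include <linux/netlink.h>
#else
/* Non-Linux build hosts: mirror the Linux definitions so the check compiles. */
#define AF_NETLINK 16
struct sockaddr_nl {
    unsigned short nl_family;
    unsigned short nl_pad;
    unsigned int   nl_pid;
    unsigned int   nl_groups;
};
#endif

/*
 * True only when the sender address of a netlink datagram identifies the
 * kernel. The kernel always sends from port id 0; a user-space sender has a
 * non-zero nl_pid (its own pid or whatever id it bound). A missing or
 * short address is treated as untrusted as well.
 */
bool netlink_from_kernel(const struct sockaddr_nl *from, socklen_t fromlen)
{
    if (from == NULL || fromlen != sizeof(*from))
        return false;
    if (from->nl_family != AF_NETLINK)
        return false;
    return from->nl_pid == 0;
}

/*
 * Hypothetical receive wrapper: read one datagram into buf, dropping any
 * that did not originate in the kernel, and return recvfrom's result for
 * the first kernel message (real code would also handle MSG_TRUNC/EINTR).
 */
ssize_t netlink_recv_from_kernel(int fd, void *buf, size_t len)
{
    for (;;) {
        struct sockaddr_nl from;
        socklen_t fromlen = sizeof(from);
        memset(&from, 0, sizeof(from));
        ssize_t n = recvfrom(fd, buf, len, 0, (struct sockaddr *)&from, &fromlen);
        if (n <= 0)
            return n;
        if (netlink_from_kernel(&from, fromlen))
            return n;
        /* spoofed or unrelated sender: discard and wait for the next datagram */
    }
}
```

The length comparison matters as much as the pid: a sender address shorter than `sizeof(struct sockaddr_nl)` leaves nl_pid uninitialised, which is why the wrapper zeroes the structure and the check refuses a short address.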

commit 0c9e7831570fbe1c641df16baf51446b55e63a7e
Author: Florian Weimer <fweimer at redhat.com>
Date:   Thu Apr 25 13:29:30 2013 -0400

    * security: escape_metachar: Do not write beyond the end of the buffer
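The shape of a bounded escaper, as an added example rather than the libreswan routine: every character that is special to the shell is prefixed with a backslash, the writer checks the remaining capacity before each character (leaving room for the NUL), and a string that does not fit is rejected as a whole instead of being handed over half escaped. The metacharacter set and the function's signature are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed set: characters a POSIX shell treats specially outside quotes. */
static bool is_metachar(char c)
{
    return c != '\0' && strchr("\\\"'`$&|;<>()[]{}*?~#! \t\n", c) != NULL;
}

/*
 * Escape src into dst, which holds dstlen bytes including the terminating
 * NUL. Never writes past dst + dstlen. Returns false, with dst set to the
 * empty string, when the escaped form does not fit: a truncated escape can
 * end in a lone backslash or lose a closing quote, which changes how the
 * shell tokenises the rest of the command line.
 */
bool escape_metachar(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;

    if (dstlen == 0)
        return false;
    for (const char *p = src; *p != '\0'; p++) {
        size_t need = is_metachar(*p) ? 2 : 1;
        if (need >= dstlen - o) {       /* would leave no room for the NUL */
            dst[0] = '\0';
            return false;
        }
        if (need == 2)
            dst[o++] = '\\';
        dst[o++] = *p;
    }
    dst[o] = '\0';
    return true;
}
```

Callers must act on the return value: an empty string is only safe because the caller refuses to run the command when escaping fails.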

commit 8f5b979438c89297daa2c608e7250e1064c3f8ab
Author: Florian Weimer <fweimer at redhat.com>
Date:   Thu Apr 25 13:26:26 2013 -0400

    * security: alloc_bytes1(): Integer overflow if the leak detective enabled
    
    leak detective is not enabled per default.

commit 41b7588627719b36807fd4d23dd695ca13e6537b
Author: Florian Weimer <fweimer at redhat.com>
Date:   Thu Apr 4 11:45:15 2013 +0200

    prettypolicy: Avoid buffer length computations
    
    This ensures that snprintf is not called with a length argument of
    zero.

commit efd322f6cc8c24174e49cd437c79fc4f3779dbdb
Author: Florian Weimer <fweimer at redhat.com>
Date:   Thu Apr 4 11:50:12 2013 +0200

    readwhackmsg: Guard against integer overflow when rounding up length

commit bb4402e9fbda06afb3153b97a2494c3d2b90c435
Author: Florian Weimer <fweimer at redhat.com>
Date:   Thu Apr 4 11:59:45 2013 +0200

    alg_enum_search_prefix, alg_enum_search_ppfix: Guard against long prefix
    
    Existing callers use short, constant strings, so this does not make a
    difference at present.

commit 43b5d6ee61a38167b45c7c9f67552dca91430a28
Author: Florian Weimer <fweimer at redhat.com>
Date:   Mon Apr 8 15:46:18 2013 +0200

    spawn_worker: Call _exit instead of exit in the child process
    
    This suppresses unwanted cleanup actions.
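What "unwanted cleanup actions" means in practice, as an added example (not libreswan's spawn_worker): after fork() the child holds a copy of the parent's atexit table and stdio buffers, so a child that bails out with exit() runs the parent's handlers a second time and flushes the parent's buffered output again. The example observes this through a pipe the handler writes into; the handler and the failure path are constructed for illustration.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Write end of a pipe the exit handler reports into (-1: disabled). */
static int cleanup_report_fd = -1;

/* Stands in for the parent's cleanup work (removing a pid file, flushing
   logs, closing connections); it must run once, in the parent only. */
static void parent_cleanup(void)
{
    if (cleanup_report_fd >= 0)
        (void)write(cleanup_report_fd, "C", 1);
}

/*
 * Fork a worker whose start-up fails, terminate the child with exit() or
 * _exit(), and report whether the parent's atexit handler ran inside the
 * child. With exit() it does (handler table and stdio buffers were
 * duplicated by fork); with _exit() the child is gone immediately.
 */
bool child_ran_parent_cleanup(bool use_underscore_exit)
{
    static bool registered = false;
    int p[2];

    if (pipe(p) != 0)
        return false;
    if (!registered) {
        atexit(parent_cleanup);
        registered = true;
    }
    cleanup_report_fd = p[1];

    pid_t pid = fork();
    if (pid < 0) {
        close(p[0]);
        close(p[1]);
        cleanup_report_fd = -1;
        return false;
    }
    if (pid == 0) {
        /* child: pretend exec of the worker binary failed */
        close(p[0]);
        if (use_underscore_exit)
            _exit(127);          /* no atexit handlers, no stdio flush */
        exit(127);               /* runs the parent's handlers again */
    }

    /* parent: detach from the report pipe before the child terminates */
    cleanup_report_fd = -1;
    close(p[1]);

    char c;
    ssize_t n = read(p[0], &c, 1);   /* 1 byte if the handler ran, 0 at EOF */
    close(p[0]);

    int status;
    (void)waitpid(pid, &status, 0);
    return n == 1;
}
```

The same reasoning applies to any error path between fork() and a successful exec(): report the failure over a pipe or the exit status and leave with _exit().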

commit 201247c6b0798d1e5f239284940aa7db4a4e6b04
Author: Florian Weimer <fweimer at redhat.com>
Date:   Mon Apr 8 16:30:58 2013 +0200

    Remove random_devices variable from programs/pluto/rnd.c

commit 1a968534c35fdb236c0dcc1ab29eaaaa1a09f15e
Author: Florian Weimer <fweimer at redhat.com>
Date:   Mon Apr 8 16:33:01 2013 +0200

    linux/net/ipsec/prng.c: Remove, no longer used

commit f93f5a4fbaa1a895640b6b994c3aaefc88a123fa
Author: Florian Weimer <fweimer at redhat.com>
Date:   Mon Apr 8 16:42:12 2013 +0200

    get_rnd_bytes: Abort on random number generator failure
    
    We must not return without overwriting the buffer.

commit 5c5d103c836cd4d5ecc3e58adef60db85cc4aac6
Author: Florian Weimer <fweimer at redhat.com>
Date:   Mon Apr 8 17:21:28 2013 +0200

    db_trans_expand, db_attrs_expand: Use ptrdiff_t for the pointer offset
    
    This still invokes undefined behavior, but is more 64 bit safe.

commit 4f90867f0c804a68a538c1fb3d370e6fd35984ff
Author: Florian Weimer <fweimer at redhat.com>
Date:   Tue Apr 9 16:19:11 2013 +0200

    pluto_crypto_allocchunk: Avoid wraparound in assert

commit 4d1dda24046ae4e713d34baf61b1911522736ed8
Author: Florian Weimer <fweimer at redhat.com>
Date:   Tue Apr 9 16:21:48 2013 +0200

    pluto_crypt_handle_dead_child: Remove, dead code

commit ecce8df69fa88fd89efd62672c238882a3289dbf
Author: Florian Weimer <fweimer at redhat.com>
Date:   Tue Apr 9 16:48:22 2013 +0200

    humanize_number: Avoid variable format string
    
    Also add check for snprintf result.

commit ba2104c9d4634701e77e18ef95722b9f63c6d2c8
Author: Florian Weimer <fweimer at redhat.com>
Date:   Tue Apr 9 17:03:34 2013 +0200

    get_addr: Move docstring comment in front of the function

commit 33faa04556b7e8de0547a032b89f4d8e29d336fc
Author: Florian Weimer <fweimer at redhat.com>
Date:   Wed Apr 10 09:52:56 2013 +0200

    LSW_FDMASK: Avoid signed integer overflow
    
    Shifting into the sign position is currently a GCC extension, but that
    may change in the future (according to the GCC manual).
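The size arithmetic behind four of the commits above (alloc_bytes1 with the leak-detective header, readwhackmsg rounding up a length, the wraparound in the pluto_crypto_allocchunk assert, and the signed shift in LSW_FDMASK), as one added example that is not libreswan's code. Each helper refuses or sidesteps the computation that could wrap instead of checking its result afterwards; the function names are assumptions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Round len up to a multiple of align (a power of two). Returns false
   instead of wrapping to a small value when len + align - 1 exceeds size_t. */
bool round_up_checked(size_t len, size_t align, size_t *out)
{
    if (align == 0 || (align & (align - 1)) != 0)
        return false;                         /* not a power of two */
    if (len > SIZE_MAX - (align - 1))
        return false;                         /* the sum would wrap */
    *out = (len + (align - 1)) & ~(align - 1);
    return true;
}

/* Size of an allocation carrying a bookkeeping header in front of the
   payload (the leak-detective layout). A wrapped sum would return a block
   far smaller than the payload the caller then writes into it. */
bool alloc_size_checked(size_t header, size_t payload, size_t *out)
{
    if (payload > SIZE_MAX - header)
        return false;
    *out = header + payload;
    return true;
}

/* Is [off, off + len) inside a buffer of size total? The naive form adds
   first, and the sum can wrap past zero and pass for an out-of-range span. */
bool span_fits_naive(size_t off, size_t len, size_t total)
{
    return off + len <= total;                /* wrong once off + len wraps */
}

bool span_fits(size_t off, size_t len, size_t total)
{
    return off <= total && len <= total - off;   /* no addition, cannot wrap */
}

/* Mask for bit n of an unsigned word. 1 << 31 shifts an int into its sign
   bit, which is signed overflow; an unsigned constant is well defined. */
unsigned long bit_mask(unsigned n)
{
    return 1UL << (n % (sizeof(unsigned long) * CHAR_BIT));
}
```

An assert written as `assert(off + len <= total)` has the same flaw as `span_fits_naive`: it passes for exactly the inputs an attacker would choose.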

commit 2ea078b21cbaab5f8824b85f95f6e4554f05b54a
Author: Florian Weimer <fweimer at redhat.com>
Date:   Wed Apr 10 10:14:20 2013 +0200

    format_connection: Avoid using the snprintf return value

commit 612cb44274692713d598347d6cf98c9cdb87df08
Author: Florian Weimer <fweimer at redhat.com>
Date:   Wed Apr 10 10:35:57 2013 +0200

    biglset_format: Do not rely on the return value of snprintf

commit 4031611a1c187c6e7968add1a54ddfc729befa85
Author: Florian Weimer <fweimer at redhat.com>
Date:   Wed Apr 10 10:47:59 2013 +0200

    alg_info_snprint: Do not rely on the return value of snprintf

commit e8779816991b191eccdb2c498edae9d1ba9347fb
Author: Florian Weimer <fweimer at redhat.com>
Date:   Wed Apr 10 11:21:49 2013 +0200

    quick_inI1_outR1_authtail: Do not rely on the snprintf result

commit f137fcb99d40a0b102af1e4fa6e4c0fe98895f97
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 25 13:11:46 2013 -0400

    * update changes

commit 7ecc33cd9bf4ee01ae1f72dfb58ee8d25e15cb5d
Author: Florian Weimer <fweimer at redhat.com>
Date:   Thu Apr 25 13:08:23 2013 -0400

    * security: dn_parse(), hex_str() write beyond end of the buffer
    
    lib/libswan/x509dn.c:dn_parse(), hex_str() seem to write beyond the
    end of the buffer, via side effect in the second arguments of
    update_chunk calls.  update_chunk should call snprintf itself, with
    the proper remaining buffer length.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 7d0ca355a5c7f8337130d4b0b3e7686f2fa4d4c2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 25 12:44:55 2013 -0400

    * security: atodn() / atoid() buffer overflow
    
    lib/libswan/x509dn.c:atodn() does not perform any length checking
    whatsoever on the output buffer.
    
    Affected:
    - Libreswan 3.0 and 3.1 (3.2 disabled the oe= option)
    - Openswan versions up to and including 2.6.38
    - Possibly certain strongswan 3.x/4.x versions
    
    This overflow is exposed (pre-authentication) only in opportunistic
    encryption mode. When it is called via receiving a certificate
    via IKEv1 or IKEv2, and when it is loaded from disk, the buffers
    passed to atodn() are big enough.
    
    This means this vulnerability can only be triggered when:
    - Opportunistic Encryption is enabled (oe=yes)
    - The attacker is local in the same network and adds a malicious
      reverse DNS record to the client's IP, or
    - The attacker can trigger an OE DNS lookup to a client fully
      configured with OE and their own key.
    
    Libreswan and openswan versions do not enable Opportunistic Encryption
    by default.  Most distributions like RHEL, Fedora, Debian and Ubuntu
    also do not enable OE by default.
    
    This patch addresses the vulnerability in atodn() and further limits the
    atoid() call not to traverse into the ASN1 case when triggered by non-cert
    cases such as opportunistic encryption.
    
    Vulnerability discovered by Florian Weimer <fweimer at redhat.com> of the
    Red Hat Product Security Team.
    
    Patch by D. Hugh Redelmeier <hugh at mimosa.com> and Paul Wouters <pwouters at redhat.com>
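The bounded-output pattern that the snprintf commits above (prettypolicy, humanize_number, format_connection, biglset_format, alg_info_snprint, quick_inI1_outR1_authtail), the dn_parse()/hex_str() fix and the atodn() fix all come down to, as one added example that is not libreswan's code. snprintf returns the length the output would have had, so advancing a cursor by that value after truncation moves it past the buffer and underflows the remaining length; the append below moves the cursor only by what was actually written and never calls snprintf with a size of zero. The `outbuf` type and function names are assumptions, standing in for the chunk that update_chunk passes around.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical output cursor over a fixed buffer (not libreswan's chunk_t). */
struct outbuf {
    char *cur;        /* next byte to write */
    size_t left;      /* bytes left, including room for the NUL */
    bool truncated;   /* set once anything did not fit */
};

void outbuf_init(struct outbuf *ob, char *buf, size_t len)
{
    ob->cur = buf;
    ob->left = len;
    ob->truncated = false;
    if (len > 0)
        buf[0] = '\0';
}

/* The broken bookkeeping, isolated: subtracting snprintf's "would have
   written" result from the space left underflows after truncation. Returned
   as a number rather than applied to a buffer, to show the wrap. */
size_t broken_remaining(size_t left, int snprintf_result)
{
    return left - (size_t)snprintf_result;
}

/* Append formatted text without ever writing past the buffer. Returns false
   and records truncation when the text did not fit; the buffer remains a
   valid NUL-terminated string either way. */
bool outbuf_printf(struct outbuf *ob, const char *fmt, ...)
{
    if (ob->left == 0) {               /* never hand snprintf a size of 0 */
        ob->truncated = true;
        return false;
    }
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(ob->cur, ob->left, fmt, ap);
    va_end(ap);
    if (n < 0) {                       /* encoding error: keep a valid string */
        *ob->cur = '\0';
        ob->truncated = true;
        return false;
    }
    if ((size_t)n >= ob->left) {       /* truncated: cursor stops at the NUL */
        ob->cur += ob->left - 1;
        ob->left = 1;
        ob->truncated = true;
        return false;
    }
    ob->cur += n;                      /* advance only by what was written */
    ob->left -= (size_t)n;
    return true;
}

/* Hex-encode bytes one %02x at a time through the same bounded append,
   the way a hex_str-style helper would. */
bool outbuf_hex(struct outbuf *ob, const uint8_t *bytes, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!outbuf_printf(ob, "%02x", bytes[i]))
            return false;
    return true;
}
```

Once every writer goes through the one bounded append, the remaining question for a caller is only whether a truncated result is acceptable (a log line) or must be treated as an error (a DN or a policy string that is parsed again later).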

commit 33c14306a63f63b96c833ee325d06ce1adce0856
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 25 12:39:37 2013 -0400

    * testing: converted ikev2-04-basic-x509 to kvm
