[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Thu Apr 25 20:45:30 EEST 2013
New commits:
commit ebf7d7d75d94269cd3d852bb5e4a3bb7448fead0
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Apr 25 13:40:12 2013 -0400
* updated changes
commit 2cd9002ceee7602c1a51061ee9c50bd7e76781e3
Author: Florian Weimer <fweimer at redhat.com>
Date: Thu Apr 25 13:37:34 2013 -0400
* security: fetch_curl: Set timeout for the entire request
Otherwise a stuck connection could effectively disable CRL fetching.
Signed-off-by: Paul Wouters <pwouters at redhat.com>
This is due to the CRL fetching not using proper helper threads like
the crypto/dns threads. This only affects a broken CRL URI point
as taken from the CA certificate.
commit 34e669419f7b130ddeedf2c3559f75f98f73f316
Author: Florian Weimer <fweimer at redhat.com>
Date: Thu Apr 25 13:34:43 2013 -0400
* security: do_aes: Abort on failure
The routine cannot signal encryption failures to the caller
and would leave the buffer unencrypted on error.
commit 30da4deb7f01ce260f5905a7d6032225c1998fd1
Author: Florian Weimer <fweimer at redhat.com>
Date: Thu Apr 25 13:34:14 2013 -0400
* security: do_3des: Abort on failure
The routine cannot signal encryption failures to the caller
and would leave the buffer unencrypted on error.
commit a0d451dd055cc30014d67f7ee563dfdb9791c23f
Author: Florian Weimer <fweimer at redhat.com>
Date: Thu Apr 25 13:31:07 2013 -0400
* security: Check that origin of netlink message is the kernel [Florian]
commit 0c9e7831570fbe1c641df16baf51446b55e63a7e
Author: Florian Weimer <fweimer at redhat.com>
Date: Thu Apr 25 13:29:30 2013 -0400
* security: escape_metachar: Do not write beyond the end of the buffer
commit 8f5b979438c89297daa2c608e7250e1064c3f8ab
Author: Florian Weimer <fweimer at redhat.com>
Date: Thu Apr 25 13:26:26 2013 -0400
* security: alloc_bytes1(): Integer overflow if the leak detective enabled
leak detective is not enabled per default.
commit 41b7588627719b36807fd4d23dd695ca13e6537b
Author: Florian Weimer <fweimer at redhat.com>
Date: Thu Apr 4 11:45:15 2013 +0200
prettypolicy: Avoid buffer length computations
This ensures that snprintf is not called with a length argument of
zero.
commit efd322f6cc8c24174e49cd437c79fc4f3779dbdb
Author: Florian Weimer <fweimer at redhat.com>
Date: Thu Apr 4 11:50:12 2013 +0200
readwhackmsg: Guard against integer overflow when rounding up length
commit bb4402e9fbda06afb3153b97a2494c3d2b90c435
Author: Florian Weimer <fweimer at redhat.com>
Date: Thu Apr 4 11:59:45 2013 +0200
alg_enum_search_prefix, alg_enum_search_ppfix: Guard against long prefix
Existing callers use short, constant strings, so this does not make a
difference at present.
commit 43b5d6ee61a38167b45c7c9f67552dca91430a28
Author: Florian Weimer <fweimer at redhat.com>
Date: Mon Apr 8 15:46:18 2013 +0200
spawn_worker: Call _exit instead of exit in the child process
This suppresses unwanted cleanup actions.
commit 201247c6b0798d1e5f239284940aa7db4a4e6b04
Author: Florian Weimer <fweimer at redhat.com>
Date: Mon Apr 8 16:30:58 2013 +0200
Remove random_devices variable from programs/pluto/rnd.c
commit 1a968534c35fdb236c0dcc1ab29eaaaa1a09f15e
Author: Florian Weimer <fweimer at redhat.com>
Date: Mon Apr 8 16:33:01 2013 +0200
linux/net/ipsec/prng.c: Remove, no longer used
commit f93f5a4fbaa1a895640b6b994c3aaefc88a123fa
Author: Florian Weimer <fweimer at redhat.com>
Date: Mon Apr 8 16:42:12 2013 +0200
get_rnd_bytes: Abort on random number generator failure
We must not return without overwriting the buffer.
commit 5c5d103c836cd4d5ecc3e58adef60db85cc4aac6
Author: Florian Weimer <fweimer at redhat.com>
Date: Mon Apr 8 17:21:28 2013 +0200
db_trans_expand, db_attrs_expand: Use ptrdiff_t for the pointer offset
This still invokes undefined behavior, but is more 64 bit safe.
commit 4f90867f0c804a68a538c1fb3d370e6fd35984ff
Author: Florian Weimer <fweimer at redhat.com>
Date: Tue Apr 9 16:19:11 2013 +0200
pluto_crypto_allocchunk: Avoid wrapround in assert
commit 4d1dda24046ae4e713d34baf61b1911522736ed8
Author: Florian Weimer <fweimer at redhat.com>
Date: Tue Apr 9 16:21:48 2013 +0200
pluto_crypt_handle_dead_child: Remove, dead code
commit ecce8df69fa88fd89efd62672c238882a3289dbf
Author: Florian Weimer <fweimer at redhat.com>
Date: Tue Apr 9 16:48:22 2013 +0200
humanize_number: Avoid variable format string
Also add check for snprintf result.
commit ba2104c9d4634701e77e18ef95722b9f63c6d2c8
Author: Florian Weimer <fweimer at redhat.com>
Date: Tue Apr 9 17:03:34 2013 +0200
get_addr: Move docstring comment in front of the function
commit 33faa04556b7e8de0547a032b89f4d8e29d336fc
Author: Florian Weimer <fweimer at redhat.com>
Date: Wed Apr 10 09:52:56 2013 +0200
LSW_FDMASK: Avoid signed integer overflow
Shifting into the sign position is currently a GCC extension, but that
may change in the future (according to the GCC manual).
commit 2ea078b21cbaab5f8824b85f95f6e4554f05b54a
Author: Florian Weimer <fweimer at redhat.com>
Date: Wed Apr 10 10:14:20 2013 +0200
format_connection: Avoid using the snprintf return value
commit 612cb44274692713d598347d6cf98c9cdb87df08
Author: Florian Weimer <fweimer at redhat.com>
Date: Wed Apr 10 10:35:57 2013 +0200
biglset_format: Do not rely on the return value of snprintf
commit 4031611a1c187c6e7968add1a54ddfc729befa85
Author: Florian Weimer <fweimer at redhat.com>
Date: Wed Apr 10 10:47:59 2013 +0200
alg_info_snprint: Do not rely on the return value of snprintf
commit e8779816991b191eccdb2c498edae9d1ba9347fb
Author: Florian Weimer <fweimer at redhat.com>
Date: Wed Apr 10 11:21:49 2013 +0200
quick_inI1_outR1_authtail: Do not rely on the snprintf result
commit f137fcb99d40a0b102af1e4fa6e4c0fe98895f97
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Apr 25 13:11:46 2013 -0400
* update changes
commit 7ecc33cd9bf4ee01ae1f72dfb58ee8d25e15cb5d
Author: Florian Weimer <fweimer at redhat.com>
Date: Thu Apr 25 13:08:23 2013 -0400
* security: dn_parse(), hex_str() write beyond end of the buffer
lib/libswan/x509dn.c:dn_parse(), hex_str() seem to write beyond the
end of the buffer, via side effect in the second arguments of
update_chunk calls. update_chunk should call snprintf itself, with
the proper remaining buffer length.
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit 7d0ca355a5c7f8337130d4b0b3e7686f2fa4d4c2
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Apr 25 12:44:55 2013 -0400
* security: atodn() / atoid() buffer overflow
lib/libswan/x509dn.c:atodn() does not perform any length checking
whatsoever on the output buffer.
Affected:
- Libreswan 3.0 and 3.1 (3.2 disabled the oe= option)
- Openswan versions up to and including 2.6.38
- Possibly certain strongswan 3.x/4.x versions
This overflow is exposed (pre-authentication) only in opportunistic
encryption mode. When it is called via receiving a certificate
via IKEv1 or IKEv2, and when it is loaded from disk, the buffers
passed to atodn() are big enough.
This means this vulnerability can only be triggered when:
- Opportunistic Encryption is enabled (oe=yes)
- The attacker is local in the same network and adds a malicious
reverse DNS record to the client's IP, or
- The attacker can trigger an OE DNS lookup to a client fully
configured with OE and their own key.
Libreswan and openswan versions do not enable Opportunistic Encryption
per default. Most distributions like RHEL, Fedora, Debian and Ubuntu
also do not enable OE per default.
This patch addresses the vulnerability in atodn() and further limits the
atoid() call not to traverse into the ASN1 case when triggered by non-cert
cases such as opportunistic encryption.
Vulnerability discoverd by Florian Weimer <fweimer at redhat.com> of the
Red Hat Product Security Team.
Patch by D. Hugh Redelmeier <hugh at mimosa.com> and Paul Wouters <pwouters at redhat.com>
commit 33c14306a63f63b96c833ee325d06ce1adce0856
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Apr 25 12:39:37 2013 -0400
* testing: converted ikev2-04-basic-x509 to kvm
More information about the Swan-commit
mailing list