[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Mon Nov 18 02:20:51 EET 2013
New commits:
commit 995352f6b7e6904256b2f51e1bbc4455b05d0ba2
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Nov 17 19:19:18 2013 -0500
testing: updated 4 ikev2 test cases

ikev2-algo-01-modp2048-initiator
ikev2-algo-02-modp2048-responder
ikev2-algo-ike-sha2-01
ikev2-algo-ike-sha2-02

Mostly for the blowfish/twofish changes, statsbin, myid, jiffies
layout changes
commit 9b31deafbdbf0c2206358dfbf2d4e343e365f23f
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Nov 14 23:59:14 2013 -0500
SECURITY: Do not inspect or continue on very short packets

Code introduced in Openswan to ensure the IKEv2 minor was ignored
introduced a vulnerability that caused mangled short IKE packets to
be processed as valid IKE packets despite in_struct() returning a
failure, resulting in pluto crashing and restarting.

Reported by Nick Howitt.

Additionally, with the introduction of IKEv2, incoming packets always
assumed it could at least read the IKE Major version number, and would
crash when the packet was overly short and did not contain such a number.

This patch ensures the code does not attempt to read the IKE version and might cause an
IKEv1 packet to be sent as response to a badly mangled IKEv2 packet, as
we default to IKEv1 for this type of error. It also no longer skips aborting
a failed in_struct() read.

It turns the version number into a loose enum.

Signed-off-by: Paul Wouters <pwouters at redhat.com>
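
The two checks described in the second commit message, as an added example that is not libreswan's code: a header parser that never reads the version octet from a packet too short to contain it, and that returns on every failed read instead of continuing. The function names, result codes and the constructed sample packet are assumptions made for this example; the offsets are those of the standard 28-byte IKE header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IKE_HDR_LEN 28        /* fixed IKE header size */
#define IKE_VERSION_OFFSET 17 /* follows two 8-byte SPIs and the next-payload octet */

enum parse_result { PARSE_OK, PARSE_TOO_SHORT, PARSE_BAD_VERSION, PARSE_BAD_LENGTH };

struct ike_hdr { uint8_t major, minor; uint32_t length; };

/* Hypothetical parser, not pluto's: every read is bounds-checked first and
 * every failure returns immediately, so no later code sees a partial header. */
enum parse_result parse_ike_hdr(const uint8_t *buf, size_t len, struct ike_hdr *h)
{
    /* Too short to contain the version octet: never dereference it. */
    if (len <= IKE_VERSION_OFFSET)
        return PARSE_TOO_SHORT;
    h->major = buf[IKE_VERSION_OFFSET] >> 4;
    h->minor = buf[IKE_VERSION_OFFSET] & 0x0f; /* recorded, not validated */
    if (h->major != 1 && h->major != 2)
        return PARSE_BAD_VERSION;
    /* Version was readable but the header is truncated: still a hard failure. */
    if (len < IKE_HDR_LEN)
        return PARSE_TOO_SHORT;
    h->length = (uint32_t)buf[24] << 24 | (uint32_t)buf[25] << 16 |
                (uint32_t)buf[26] << 8 | buf[27];
    /* The declared length must cover the header and fit in the datagram. */
    if (h->length < IKE_HDR_LEN || h->length > len)
        return PARSE_BAD_LENGTH;
    return PARSE_OK;
}

/* Constructed sample: an otherwise empty header with the given version octet,
 * of which only the first wire_len bytes "arrived". */
enum parse_result parse_constructed(uint8_t version, size_t wire_len)
{
    uint8_t pkt[IKE_HDR_LEN] = {0};
    struct ike_hdr h = {0};

    pkt[IKE_VERSION_OFFSET] = version;
    pkt[27] = IKE_HDR_LEN; /* length field, big-endian */
    return parse_ike_hdr(pkt, wire_len, &h);
}

int main(void)
{
    printf("%d %d %d\n", parse_constructed(0x20, 28),
           parse_constructed(0x20, 10), parse_constructed(0x20, 20));
    return 0;
}
```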