diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-05-17 09:40:13 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-05-17 09:40:13 +0000 |
commit | ca6f0ad926d2fabed66a049927cea2eb176581da (patch) | |
tree | f8628a402e4a6f4f81be2b2963724e80c4a92e67 | |
parent | 8b2da88e8e533e78dfec86f9d1ed4e5cadfa4ca8 (diff) | |
download | alpine_aports-ca6f0ad926d2fabed66a049927cea2eb176581da.tar.bz2 alpine_aports-ca6f0ad926d2fabed66a049927cea2eb176581da.tar.xz alpine_aports-ca6f0ad926d2fabed66a049927cea2eb176581da.zip |
main/openswan: securiy fix remote buffer overflow in atodn() (CVE-2013-2053)
patches are from http://libreswan.org/security/CVE-2013-2053/
fixes #1895
-rw-r--r-- | main/openswan/APKBUILD | 24 | ||||
-rw-r--r-- | main/openswan/CVE-2013-2052.patch | 346 | ||||
-rw-r--r-- | main/openswan/openswan-libreswan-backport-949437-atodn.patch | 278 | ||||
-rw-r--r-- | main/openswan/openswan-libreswan-backport-949437-do_3des.patch | 61 | ||||
-rw-r--r-- | main/openswan/openswan-libreswan-backport-949437-do_aes.patch | 62 | ||||
-rw-r--r-- | main/openswan/openswan-libreswan-backport-949437-x509dn.patch | 79 |
6 files changed, 849 insertions, 1 deletions
diff --git a/main/openswan/APKBUILD b/main/openswan/APKBUILD index 28cc3c2ece..f126798a8a 100644 --- a/main/openswan/APKBUILD +++ b/main/openswan/APKBUILD | |||
@@ -2,7 +2,7 @@ | |||
2 | # Maintainer: Borys Zhukov <mp5@mp5.im> | 2 | # Maintainer: Borys Zhukov <mp5@mp5.im> |
3 | pkgname=openswan | 3 | pkgname=openswan |
4 | pkgver=2.6.38 | 4 | pkgver=2.6.38 |
5 | pkgrel=1 | 5 | pkgrel=2 |
6 | pkgdesc="IPsec Implementation which Allows Building of VPNs" | 6 | pkgdesc="IPsec Implementation which Allows Building of VPNs" |
7 | url="http://www.openswan.org/" | 7 | url="http://www.openswan.org/" |
8 | arch="all" | 8 | arch="all" |
@@ -12,6 +12,10 @@ makedepends="gmp-dev bison flex coreutils bash" | |||
12 | install="" | 12 | install="" |
13 | subpackages="$pkgname-doc" | 13 | subpackages="$pkgname-doc" |
14 | source="http://download.openswan.org/openswan/$pkgname-$pkgver.tar.gz | 14 | source="http://download.openswan.org/openswan/$pkgname-$pkgver.tar.gz |
15 | openswan-libreswan-backport-949437-atodn.patch | ||
16 | openswan-libreswan-backport-949437-do_3des.patch | ||
17 | openswan-libreswan-backport-949437-do_aes.patch | ||
18 | openswan-libreswan-backport-949437-x509dn.patch | ||
15 | ipsec.initd setup.patch" | 19 | ipsec.initd setup.patch" |
16 | 20 | ||
17 | _builddir="$srcdir"/$pkgname-$pkgver | 21 | _builddir="$srcdir"/$pkgname-$pkgver |
@@ -51,5 +55,23 @@ package() { | |||
51 | 55 | ||
52 | } | 56 | } |
53 | md5sums="13073eb5314b83a31be88e4117e8bbcd openswan-2.6.38.tar.gz | 57 | md5sums="13073eb5314b83a31be88e4117e8bbcd openswan-2.6.38.tar.gz |
58 | 500e936c90ad27545d0ab6450fd888aa openswan-libreswan-backport-949437-atodn.patch | ||
59 | 6dcfd099ed2cf90231c36ba305e46348 openswan-libreswan-backport-949437-do_3des.patch | ||
60 | 578f171370c373e3501b85de7efc3045 openswan-libreswan-backport-949437-do_aes.patch | ||
61 | 730a94960fe593f12b8d1f4ff9266d2a openswan-libreswan-backport-949437-x509dn.patch | ||
54 | f019d1fa23627d54462054fedc9de03b ipsec.initd | 62 | f019d1fa23627d54462054fedc9de03b ipsec.initd |
55 | fd3cd27f9da9140fabd935377c3d6921 setup.patch" | 63 | fd3cd27f9da9140fabd935377c3d6921 setup.patch" |
64 | sha256sums="bdd3ccf31df1f3e8530887986ea8b6702a3db139486738213f5de8d8690b3723 openswan-2.6.38.tar.gz | ||
65 | 8595019c0ae7e1d00579c8d4ca2ba81b68e3be7b99f099b24e6ea1fd35b2bd7d openswan-libreswan-backport-949437-atodn.patch | ||
66 | 84a5e1c309ff707504a8b2f8ef47865adf6e3d9f0c60f3d1a19c5a8464bdfefb openswan-libreswan-backport-949437-do_3des.patch | ||
67 | c36316a70d29553995cf89f7b4b2abcf0e05f1e35d725913cae6bfe161bb81a9 openswan-libreswan-backport-949437-do_aes.patch | ||
68 | 2390ab47cf5763c832dd9d652ff8ff6766547067502e1719031bac23b977d34a openswan-libreswan-backport-949437-x509dn.patch | ||
69 | 02fd160fb8d64f93a094c9f8a0912ed9cb47789601647f4a72ba3f736b220290 ipsec.initd | ||
70 | 6425c491cf1dc366e03e832a1d78bb2846f172ba6fe658b122707157099f9576 setup.patch" | ||
71 | sha512sums="0963a9df548c901eb562185f97d844f57539668f11fbe2a43712223773053895c761b1d5d0be4fffa64014baf58ff2d7cf23676a3da51c5a5134b0639796ad10 openswan-2.6.38.tar.gz | ||
72 | c670392e2e9968f0c9269c50858d24b5dc71126c3e066cbca9ceda53b16ad6fe892d4b32a58054a9cdfa14a81553a219098847b8c79ead00b6b8d05dbd18731d openswan-libreswan-backport-949437-atodn.patch | ||
73 | 14e466379a90c01f26997921c7e4967dfc76de1f58f7370e9755e04e1e351b8a7d8fad8b14af3f4a73d3358cc5271e4a89313aad239f12e92ab596c9d7dd0b02 openswan-libreswan-backport-949437-do_3des.patch | ||
74 | 3204d412bbd194ab49a6a5d465cbe38c0bc33266d096bc6bcc0cb6d4214fc05505eef0694036f40da4d2b56f9b50950cfe9816f1e4540431b49d859f7fb7e690 openswan-libreswan-backport-949437-do_aes.patch | ||
75 | 05c4a026b8baa91766717a58308cee0415403b1dc0632d805e36da906ec22b91c95b92ee701ca2b6d248f641f124d4ab32ed4fe7f42127aa6e3e308bf170ced3 openswan-libreswan-backport-949437-x509dn.patch | ||
76 | 7aefcc624b0e2a50e26f84db6197278c0633eeb38b064c613fbd635cbe606acd1e1280213db7c19f882d809d7eb6ea59a0c47e1b47dfe43de4f1c6deb08d38c4 ipsec.initd | ||
77 | 92152006ef3765c89d28462743bca25ab139c0205187bfb0a2c5992159e390939dc3f5f95c7ccb135d3ad674a756d776b7a7d7db903fd22994cf24478b7a71c8 setup.patch" | ||
diff --git a/main/openswan/CVE-2013-2052.patch b/main/openswan/CVE-2013-2052.patch new file mode 100644 index 0000000000..a34a67789b --- /dev/null +++ b/main/openswan/CVE-2013-2052.patch | |||
@@ -0,0 +1,346 @@ | |||
1 | -----BEGIN PGP SIGNED MESSAGE----- | ||
2 | Hash: SHA256 | ||
3 | |||
4 | commit 7d0ca355a5c7f8337130d4b0b3e7686f2fa4d4c2 | ||
5 | Author: Paul Wouters <pwouters@redhat.com> | ||
6 | Date: Thu Apr 25 12:44:55 2013 -0400 | ||
7 | |||
8 | * security: atodn() / atoid() buffer overflow | ||
9 | |||
10 | lib/libswan/x509dn.c:atodn() does not perform any length checking | ||
11 | whatsoever on the output buffer. | ||
12 | |||
13 | Affected: | ||
14 | - Libreswan 3.0 and 3.1 (3.2 disabled the oe= option) | ||
15 | - Openswan versions up to and including 2.6.38 | ||
16 | - Possibly certain strongswan 3.x/4.x versions | ||
17 | |||
18 | This overflow is exposed (pre-authentication) only in opportunistic | ||
19 | encryption mode. When it is called via receiving a certificate | ||
20 | via IKEv1 or IKEv2, and when it is loaded from disk, the buffers | ||
21 | passed to atodn() are big enough. | ||
22 | |||
23 | This means this vulnerability can only be triggered when: | ||
24 | - Opportunistic Encryption is enabled (oe=yes) | ||
25 | - The attacker is local in the same network and adds a malicious | ||
26 | reverse DNS record to the client's IP, or | ||
27 | - The attacker can trigger an OE DNS lookup to a client fully | ||
28 | configured with OE and their own key. | ||
29 | |||
30 | Libreswan and openswan versions do not enable Opportunistic Encryption | ||
31 | per default. Most distributions like RHEL, Fedora, Debian and Ubuntu | ||
32 | also do not enable OE per default. | ||
33 | |||
34 | This patch addresses the vulnerability in atodn() and further limits the | ||
35 | atoid() call not to traverse into the ASN1 case when triggered by non-cert | ||
36 | cases such as opportunistic encryption. | ||
37 | |||
38 | Vulnerability discoverd by Florian Weimer <fweimer@redhat.com> of the | ||
39 | Red Hat Product Security Team. | ||
40 | |||
41 | Patch by D. Hugh Redelmeier <hugh@mimosa.com> and Paul Wouters <pwouters@redhat.com> | ||
42 | |||
43 | diff --git a/include/asn1.h b/include/asn1.h | ||
44 | index d69ebf9..b812488 100644 | ||
45 | - --- a/include/asn1.h | ||
46 | +++ b/include/asn1.h | ||
47 | @@ -84,8 +84,10 @@ typedef enum { | ||
48 | #define ASN1_BODY 0x20 | ||
49 | #define ASN1_RAW 0x40 | ||
50 | |||
51 | - -#define ASN1_INVALID_LENGTH 0xffffffff | ||
52 | +#define ASN1_INVALID_LENGTH (~(size_t) 0) /* largest size_t */ | ||
53 | |||
54 | +#define ASN1_MAX_LEN (1U << (8*3)) /* don't handle objects with length greater than this */ | ||
55 | +#define ASN1_MAX_LEN_LEN 4 /* no coded length takes more than 4 bytes. */ | ||
56 | |||
57 | /* definition of an ASN.1 object */ | ||
58 | |||
59 | diff --git a/include/id.h b/include/id.h | ||
60 | index d1825b4..b440a11 100644 | ||
61 | - --- a/include/id.h | ||
62 | +++ b/include/id.h | ||
63 | @@ -47,7 +47,7 @@ extern const struct id *resolve_myid(const struct id *id); | ||
64 | extern void set_myFQDN(void); | ||
65 | extern void free_myFQDN(void); | ||
66 | |||
67 | - -extern err_t atoid(char *src, struct id *id, bool myid_ok); | ||
68 | +extern err_t atoid(char *src, struct id *id, bool myid_ok, bool oe_only); | ||
69 | extern void iptoid(const ip_address *ip, struct id *id); | ||
70 | extern unsigned char* temporary_cyclic_buffer(void); | ||
71 | extern int idtoa(const struct id *id, char *dst, size_t dstlen); | ||
72 | diff --git a/lib/libswan/id.c b/lib/libswan/id.c | ||
73 | index 4442971..31ca7e5 100644 | ||
74 | - --- a/lib/libswan/id.c | ||
75 | +++ b/lib/libswan/id.c | ||
76 | @@ -58,27 +58,29 @@ temporary_cyclic_buffer(void) | ||
77 | |||
78 | /* Convert textual form of id into a (temporary) struct id. | ||
79 | * Note that if the id is to be kept, unshare_id_content will be necessary. | ||
80 | + * This function should be split into parts so the boolean arguments can be | ||
81 | + * removed -- Paul | ||
82 | */ | ||
83 | err_t | ||
84 | - -atoid(char *src, struct id *id, bool myid_ok) | ||
85 | +atoid(char *src, struct id *id, bool myid_ok, bool oe_only) | ||
86 | { | ||
87 | err_t ugh = NULL; | ||
88 | |||
89 | *id = empty_id; | ||
90 | |||
91 | - - if (myid_ok && streq("%myid", src)) | ||
92 | + if (!oe_only && myid_ok && streq("%myid", src)) | ||
93 | { | ||
94 | id->kind = ID_MYID; | ||
95 | } | ||
96 | - - else if (streq("%fromcert", src)) | ||
97 | + else if (!oe_only && streq("%fromcert", src)) | ||
98 | { | ||
99 | id->kind = ID_FROMCERT; | ||
100 | } | ||
101 | - - else if (streq("%none", src)) | ||
102 | + else if (!oe_only && streq("%none", src)) | ||
103 | { | ||
104 | id->kind = ID_NONE; | ||
105 | } | ||
106 | - - else if (strchr(src, '=') != NULL) | ||
107 | + else if (!oe_only && strchr(src, '=') != NULL) | ||
108 | { | ||
109 | /* we interpret this as an ASCII X.501 ID_DER_ASN1_DN */ | ||
110 | id->kind = ID_DER_ASN1_DN; | ||
111 | @@ -112,7 +114,7 @@ atoid(char *src, struct id *id, bool myid_ok) | ||
112 | { | ||
113 | if (*src == '@') | ||
114 | { | ||
115 | - - if (*(src+1) == '#') | ||
116 | + if (!oe_only && *(src+1) == '#') | ||
117 | { | ||
118 | /* if there is a second specifier (#) on the line | ||
119 | * we interprete this as ID_KEY_ID | ||
120 | @@ -123,7 +125,7 @@ atoid(char *src, struct id *id, bool myid_ok) | ||
121 | ugh = ttodata(src+2, 0, 16, (char *)id->name.ptr | ||
122 | , strlen(src), &id->name.len); | ||
123 | } | ||
124 | - - else if (*(src+1) == '~') | ||
125 | + else if (!oe_only && *(src+1) == '~') | ||
126 | { | ||
127 | /* if there is a second specifier (~) on the line | ||
128 | * we interprete this as a binary ID_DER_ASN1_DN | ||
129 | @@ -134,7 +136,7 @@ atoid(char *src, struct id *id, bool myid_ok) | ||
130 | ugh = ttodata(src+2, 0, 16, (char *)id->name.ptr | ||
131 | , strlen(src), &id->name.len); | ||
132 | } | ||
133 | - - else if (*(src+1) == '[') | ||
134 | + else if (!oe_only && *(src+1) == '[') | ||
135 | { | ||
136 | /* if there is a second specifier ([) on the line | ||
137 | * we interprete this as a text ID_KEY_ID, and we remove | ||
138 | diff --git a/lib/libswan/secrets.c b/lib/libswan/secrets.c | ||
139 | index 6e9466b..8ff80e0 100644 | ||
140 | - --- a/lib/libswan/secrets.c | ||
141 | +++ b/lib/libswan/secrets.c | ||
142 | @@ -1223,7 +1223,7 @@ lsw_process_secret_records(struct secret **psecrets, int verbose, | ||
143 | } | ||
144 | else | ||
145 | { | ||
146 | - - ugh = atoid(flp->tok, &id, FALSE); | ||
147 | + ugh = atoid(flp->tok, &id, FALSE, FALSE); | ||
148 | } | ||
149 | |||
150 | if (ugh != NULL) | ||
151 | diff --git a/lib/libswan/x509dn.c b/lib/libswan/x509dn.c | ||
152 | index 61407e5..7731856 100644 | ||
153 | - --- a/lib/libswan/x509dn.c | ||
154 | +++ b/lib/libswan/x509dn.c | ||
155 | @@ -472,7 +472,7 @@ static const x501rdn_t x501rdns[] = { | ||
156 | {"TCGID" , {oid_TCGID, 12}, ASN1_PRINTABLESTRING} | ||
157 | }; | ||
158 | |||
159 | - -#define X501_RDN_ROOF 24 | ||
160 | +#define X501_RDN_ROOF elemsof(x501rdns) | ||
161 | |||
162 | /* Maximum length of ASN.1 distinquished name */ | ||
163 | #define ASN1_BUF_LEN 512 | ||
164 | @@ -775,11 +775,11 @@ atodn(char *src, chunk_t *dn) | ||
165 | UNKNOWN_OID = 4 | ||
166 | } state_t; | ||
167 | |||
168 | - - u_char oid_len_buf[3]; | ||
169 | - - u_char name_len_buf[3]; | ||
170 | - - u_char rdn_seq_len_buf[3]; | ||
171 | - - u_char rdn_set_len_buf[3]; | ||
172 | - - u_char dn_seq_len_buf[3]; | ||
173 | + u_char oid_len_buf[ASN1_MAX_LEN_LEN]; | ||
174 | + u_char name_len_buf[ASN1_MAX_LEN_LEN]; | ||
175 | + u_char rdn_seq_len_buf[ASN1_MAX_LEN_LEN]; | ||
176 | + u_char rdn_set_len_buf[ASN1_MAX_LEN_LEN]; | ||
177 | + u_char dn_seq_len_buf[ASN1_MAX_LEN_LEN]; | ||
178 | |||
179 | chunk_t asn1_oid_len = { oid_len_buf, 0 }; | ||
180 | chunk_t asn1_name_len = { name_len_buf, 0 }; | ||
181 | @@ -797,7 +797,7 @@ atodn(char *src, chunk_t *dn) | ||
182 | |||
183 | err_t ugh = NULL; | ||
184 | |||
185 | - - u_char *dn_ptr = dn->ptr + 4; | ||
186 | + u_char *dn_ptr = dn->ptr + 1 + ASN1_MAX_LEN_LEN; /* leave room for prefix */ | ||
187 | |||
188 | state_t state = SEARCH_OID; | ||
189 | |||
190 | @@ -885,25 +885,37 @@ atodn(char *src, chunk_t *dn) | ||
191 | code_asn1_length(rdn_set_len, &asn1_rdn_set_len); | ||
192 | |||
193 | /* encode the relative distinguished name */ | ||
194 | - - *dn_ptr++ = ASN1_SET; | ||
195 | - - chunkcpy(dn_ptr, asn1_rdn_set_len); | ||
196 | - - *dn_ptr++ = ASN1_SEQUENCE; | ||
197 | - - chunkcpy(dn_ptr, asn1_rdn_seq_len); | ||
198 | - - *dn_ptr++ = ASN1_OID; | ||
199 | - - chunkcpy(dn_ptr, asn1_oid_len); | ||
200 | - - chunkcpy(dn_ptr, x501rdns[pos].oid); | ||
201 | - - /* encode the ASN.1 character string type of the name */ | ||
202 | - - *dn_ptr++ = (x501rdns[pos].type == ASN1_PRINTABLESTRING | ||
203 | - - && !is_printablestring(name))? ASN1_T61STRING : x501rdns[pos].type; | ||
204 | - - chunkcpy(dn_ptr, asn1_name_len); | ||
205 | - - chunkcpy(dn_ptr, name); | ||
206 | - - | ||
207 | - - /* accumulate the length of the distinguished name sequence */ | ||
208 | - - dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len; | ||
209 | - - | ||
210 | - - /* reset name and change state */ | ||
211 | - - name = empty_chunk; | ||
212 | - - state = SEARCH_OID; | ||
213 | + if (IDTOA_BUF < dn_ptr - dn->ptr | ||
214 | + + 1 + asn1_rdn_set_len.len /* set */ | ||
215 | + + 1 + asn1_rdn_seq_len.len /* sequence */ | ||
216 | + + 1 + asn1_oid_len.len + x501rdns[pos].oid.len /* oid len, oid */ | ||
217 | + + 1 + asn1_name_len.len + name.len /* type name */ | ||
218 | + ) { | ||
219 | + /* no room! */ | ||
220 | + ugh = "DN is too big"; | ||
221 | + state = UNKNOWN_OID; | ||
222 | + /* I think that it is safe to continue (but perhaps pointless) */ | ||
223 | + } else { | ||
224 | + *dn_ptr++ = ASN1_SET; | ||
225 | + chunkcpy(dn_ptr, asn1_rdn_set_len); | ||
226 | + *dn_ptr++ = ASN1_SEQUENCE; | ||
227 | + chunkcpy(dn_ptr, asn1_rdn_seq_len); | ||
228 | + *dn_ptr++ = ASN1_OID; | ||
229 | + chunkcpy(dn_ptr, asn1_oid_len); | ||
230 | + chunkcpy(dn_ptr, x501rdns[pos].oid); | ||
231 | + /* encode the ASN.1 character string type of the name */ | ||
232 | + *dn_ptr++ = (x501rdns[pos].type == ASN1_PRINTABLESTRING | ||
233 | + && !is_printablestring(name))? ASN1_T61STRING : x501rdns[pos].type; | ||
234 | + chunkcpy(dn_ptr, asn1_name_len); | ||
235 | + chunkcpy(dn_ptr, name); | ||
236 | + | ||
237 | + /* accumulate the length of the distinguished name sequence */ | ||
238 | + dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len; | ||
239 | + | ||
240 | + /* reset name and change state */ | ||
241 | + name = empty_chunk; | ||
242 | + state = SEARCH_OID; | ||
243 | + } | ||
244 | } | ||
245 | break; | ||
246 | case UNKNOWN_OID: | ||
247 | @@ -911,9 +923,9 @@ atodn(char *src, chunk_t *dn) | ||
248 | } | ||
249 | } while (*src++ != '\0'); | ||
250 | |||
251 | - - /* complete the distinguished name sequence*/ | ||
252 | - - code_asn1_length(dn_seq_len, &asn1_dn_seq_len); | ||
253 | - - dn->ptr += 3 - asn1_dn_seq_len.len; | ||
254 | + /* complete the distinguished name sequence: prefix it with ASN1_SEQUENCE and length */ | ||
255 | + code_asn1_length((size_t)dn_seq_len, &asn1_dn_seq_len); | ||
256 | + dn->ptr += ASN1_MAX_LEN_LEN + 1 - 1 - asn1_dn_seq_len.len; | ||
257 | dn->len = 1 + asn1_dn_seq_len.len + dn_seq_len; | ||
258 | dn_ptr = dn->ptr; | ||
259 | *dn_ptr++ = ASN1_SEQUENCE; | ||
260 | diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c | ||
261 | index e8d326b..f08521b 100644 | ||
262 | - --- a/programs/pluto/connections.c | ||
263 | +++ b/programs/pluto/connections.c | ||
264 | @@ -911,7 +911,7 @@ extract_end(struct end *dst, const struct whack_end *src, const char *which) | ||
265 | } | ||
266 | else | ||
267 | { | ||
268 | - - err_t ugh = atoid(src->id, &dst->id, TRUE); | ||
269 | + err_t ugh = atoid(src->id, &dst->id, TRUE, FALSE); | ||
270 | |||
271 | if (ugh != NULL) | ||
272 | { | ||
273 | diff --git a/programs/pluto/dnskey.c b/programs/pluto/dnskey.c | ||
274 | index 5525d12..78f1d0a 100644 | ||
275 | - --- a/programs/pluto/dnskey.c | ||
276 | +++ b/programs/pluto/dnskey.c | ||
277 | @@ -277,8 +277,12 @@ decode_iii(char **pp, struct id *gw_id) | ||
278 | if (*p == '@') | ||
279 | { | ||
280 | /* gateway specification in this record is @FQDN */ | ||
281 | - - err_t ugh = atoid(p, gw_id, FALSE); | ||
282 | |||
283 | + if(strspn(p,' ') >= IDTOA_BUF) { | ||
284 | + return builddiag("malformed FQDN in TXT " our_TXT_attr_string ": ID too large for IDTOA_BUF"); | ||
285 | + } | ||
286 | + | ||
287 | + err_t ugh = atoid(p, gw_id, FALSE, TRUE); /* only run OE related parts of atoid() */ | ||
288 | if (ugh != NULL) | ||
289 | return builddiag("malformed FQDN in TXT " our_TXT_attr_string ": %s" | ||
290 | , ugh); | ||
291 | diff --git a/programs/pluto/myid.c b/programs/pluto/myid.c | ||
292 | index bdd0e12..2e92f25 100644 | ||
293 | - --- a/programs/pluto/myid.c | ||
294 | +++ b/programs/pluto/myid.c | ||
295 | @@ -103,7 +103,7 @@ set_myid(enum myid_state s, char *idstr) | ||
296 | if (idstr != NULL) | ||
297 | { | ||
298 | struct id id; | ||
299 | - - err_t ugh = atoid(idstr, &id, FALSE); | ||
300 | + err_t ugh = atoid(idstr, &id, FALSE, FALSE); | ||
301 | |||
302 | if (ugh != NULL) | ||
303 | { | ||
304 | diff --git a/programs/pluto/rcv_whack.c b/programs/pluto/rcv_whack.c | ||
305 | index 1725357..7d5072c 100644 | ||
306 | - --- a/programs/pluto/rcv_whack.c | ||
307 | +++ b/programs/pluto/rcv_whack.c | ||
308 | @@ -259,7 +259,7 @@ static void | ||
309 | key_add_request(const struct whack_message *msg) | ||
310 | { | ||
311 | struct id keyid; | ||
312 | - - err_t ugh = atoid(msg->keyid, &keyid, FALSE); | ||
313 | + err_t ugh = atoid(msg->keyid, &keyid, FALSE, FALSE); | ||
314 | |||
315 | if (ugh != NULL) | ||
316 | { | ||
317 | diff --git a/programs/showhostkey/showhostkey.c b/programs/showhostkey/showhostkey.c | ||
318 | index c9fe9cf..bf87080 100644 | ||
319 | - --- a/programs/showhostkey/showhostkey.c | ||
320 | +++ b/programs/showhostkey/showhostkey.c | ||
321 | @@ -203,7 +203,7 @@ struct secret *pick_key(struct secret *host_secrets | ||
322 | struct secret *s; | ||
323 | err_t e; | ||
324 | |||
325 | - - e = atoid(idname, &id, FALSE); | ||
326 | + e = atoid(idname, &id, FALSE, FALSE); | ||
327 | if(e) { | ||
328 | printf("%s: key '%s' is invalid\n", progname, idname); | ||
329 | exit(4); | ||
330 | -----BEGIN PGP SIGNATURE----- | ||
331 | Version: GnuPG v1.4.13 (GNU/Linux) | ||
332 | |||
333 | iQIcBAEBCAAGBQJRkWmnAAoJEIX/S0OzD8b5EZIP+wb5LyvL4jXGYJzvalkCjWL3 | ||
334 | 1cZp5H672jGdVvW/G3bJ5unhjpRt9ASxebHR/4LfWZuWG5U4gdPRjcz1YcuNwVnB | ||
335 | xOXZ4ELWYRFFblkkHz+GO5rSRwmWhFnyGvDdN5Oh6VBcmegHvaKk6uVLPXZJpVdg | ||
336 | 2U1+s+x3EkrcP6IJyTa9pyhZiDWcdYVn3seyHcFCNa3R/Xkwefi3HwA2w8+L18NX | ||
337 | NvIMUx2aXj70cBE5VAg+XJWIZ2Rrlf2zHDM96GUUfGIIH1mzpuxYCFbpGqISmOYI | ||
338 | AAumQ9I4kQGy0ZkWn41Et3ppJvcRFoMlAz70Ay+nbZ/+eqQH9B3KfplfX2UrsXAn | ||
339 | SVvMPypkMfjhUbPG8AWr//6+a0uZxa0PyibNXhhdr+3ocANaZ8ty+ehFmVl0DIBM | ||
340 | rc582erQ8s4Bj8v+4vy1TzkR5HXWhwWhCjD0EnU8zGGjZ2u+1BAYgzTUG4Nqo+/Q | ||
341 | ziJdc71vy+OqyLXTFMdekUuRl40BXuFHHUv6jWeslgIh2/1Z/A0NZzxs2sMFCkEW | ||
342 | anTG32ridJSCqQhSXZ4xW07O5F45csH6qgze2jQdYEizATYsDqeKazEZhmakUsow | ||
343 | v5gj85f5VYGWjoYjKr/HbrueEbeGpV3Twf4tZ6XyCxAjJEt6N8XWidSiMeL3gNIm | ||
344 | cgXmYH+ak4nDLJGyaYDt | ||
345 | =5y9o | ||
346 | -----END PGP SIGNATURE----- | ||
diff --git a/main/openswan/openswan-libreswan-backport-949437-atodn.patch b/main/openswan/openswan-libreswan-backport-949437-atodn.patch new file mode 100644 index 0000000000..524a75b20f --- /dev/null +++ b/main/openswan/openswan-libreswan-backport-949437-atodn.patch | |||
@@ -0,0 +1,278 @@ | |||
1 | diff -Naur openswan-2.6.32-orig/include/asn1.h openswan-2.6.32/include/asn1.h | ||
2 | --- openswan-2.6.32-orig/include/asn1.h 2010-12-17 20:23:54.000000000 -0500 | ||
3 | +++ openswan-2.6.32/include/asn1.h 2013-04-24 13:11:05.799140126 -0400 | ||
4 | @@ -84,8 +84,10 @@ | ||
5 | #define ASN1_BODY 0x20 | ||
6 | #define ASN1_RAW 0x40 | ||
7 | |||
8 | -#define ASN1_INVALID_LENGTH 0xffffffff | ||
9 | +#define ASN1_INVALID_LENGTH (~(size_t) 0) /* largest size_t */ | ||
10 | |||
11 | +#define ASN1_MAX_LEN (1U << (8*3)) /* don't handle objects with length greater than this */ | ||
12 | +#define ASN1_MAX_LEN_LEN 4 /* no coded length takes more than 4 bytes. */ | ||
13 | |||
14 | /* definition of an ASN.1 object */ | ||
15 | |||
16 | diff -Naur openswan-2.6.32-orig/include/id.h openswan-2.6.32/include/id.h | ||
17 | --- openswan-2.6.32-orig/include/id.h 2010-12-17 20:23:54.000000000 -0500 | ||
18 | +++ openswan-2.6.32/include/id.h 2013-04-24 13:11:05.799140126 -0400 | ||
19 | @@ -46,7 +46,7 @@ | ||
20 | extern const struct id *resolve_myid(const struct id *id); | ||
21 | extern void set_myFQDN(void); | ||
22 | |||
23 | -extern err_t atoid(char *src, struct id *id, bool myid_ok); | ||
24 | +extern err_t atoid(char *src, struct id *id, bool myid_ok, bool oe_only); | ||
25 | extern void iptoid(const ip_address *ip, struct id *id); | ||
26 | extern unsigned char* temporary_cyclic_buffer(void); | ||
27 | extern int idtoa(const struct id *id, char *dst, size_t dstlen); | ||
28 | diff -Naur openswan-2.6.32-orig/lib/libopenswan/id.c openswan-2.6.32/lib/libopenswan/id.c | ||
29 | --- openswan-2.6.32-orig/lib/libopenswan/id.c 2010-12-17 20:23:54.000000000 -0500 | ||
30 | +++ openswan-2.6.32/lib/libopenswan/id.c 2013-04-24 13:11:05.799140126 -0400 | ||
31 | @@ -57,27 +57,29 @@ | ||
32 | |||
33 | /* Convert textual form of id into a (temporary) struct id. | ||
34 | * Note that if the id is to be kept, unshare_id_content will be necessary. | ||
35 | + * This function should be split into parts so the boolean arguments can be | ||
36 | + * removed -- Paul | ||
37 | */ | ||
38 | err_t | ||
39 | -atoid(char *src, struct id *id, bool myid_ok) | ||
40 | +atoid(char *src, struct id *id, bool myid_ok, bool oe_only) | ||
41 | { | ||
42 | err_t ugh = NULL; | ||
43 | |||
44 | *id = empty_id; | ||
45 | |||
46 | - if (myid_ok && streq("%myid", src)) | ||
47 | + if (!oe_only && myid_ok && streq("%myid", src)) | ||
48 | { | ||
49 | id->kind = ID_MYID; | ||
50 | } | ||
51 | - else if (streq("%fromcert", src)) | ||
52 | + else if (!oe_only && streq("%fromcert", src)) | ||
53 | { | ||
54 | id->kind = ID_FROMCERT; | ||
55 | } | ||
56 | - else if (streq("%none", src)) | ||
57 | + else if (!oe_only && streq("%none", src)) | ||
58 | { | ||
59 | id->kind = ID_NONE; | ||
60 | } | ||
61 | - else if (strchr(src, '=') != NULL) | ||
62 | + else if (!oe_only && strchr(src, '=') != NULL) | ||
63 | { | ||
64 | /* we interpret this as an ASCII X.501 ID_DER_ASN1_DN */ | ||
65 | id->kind = ID_DER_ASN1_DN; | ||
66 | @@ -111,7 +113,7 @@ | ||
67 | { | ||
68 | if (*src == '@') | ||
69 | { | ||
70 | - if (*(src+1) == '#') | ||
71 | + if (!oe_only && *(src+1) == '#') | ||
72 | { | ||
73 | /* if there is a second specifier (#) on the line | ||
74 | * we interprete this as ID_KEY_ID | ||
75 | @@ -122,7 +124,7 @@ | ||
76 | ugh = ttodata(src+2, 0, 16, (char *)id->name.ptr | ||
77 | , strlen(src), &id->name.len); | ||
78 | } | ||
79 | - else if (*(src+1) == '~') | ||
80 | + else if (!oe_only && *(src+1) == '~') | ||
81 | { | ||
82 | /* if there is a second specifier (~) on the line | ||
83 | * we interprete this as a binary ID_DER_ASN1_DN | ||
84 | @@ -133,7 +135,7 @@ | ||
85 | ugh = ttodata(src+2, 0, 16, (char *)id->name.ptr | ||
86 | , strlen(src), &id->name.len); | ||
87 | } | ||
88 | - else if (*(src+1) == '[') | ||
89 | + else if (!oe_only && *(src+1) == '[') | ||
90 | { | ||
91 | /* if there is a second specifier ([) on the line | ||
92 | * we interprete this as a text ID_KEY_ID, and we remove | ||
93 | diff -Naur openswan-2.6.32-orig/lib/libopenswan/secrets.c openswan-2.6.32/lib/libopenswan/secrets.c | ||
94 | --- openswan-2.6.32-orig/lib/libopenswan/secrets.c 2010-12-17 20:23:54.000000000 -0500 | ||
95 | +++ openswan-2.6.32/lib/libopenswan/secrets.c 2013-04-24 13:11:05.800140140 -0400 | ||
96 | @@ -1299,7 +1299,7 @@ | ||
97 | } | ||
98 | else | ||
99 | { | ||
100 | - ugh = atoid(flp->tok, &id, FALSE); | ||
101 | + ugh = atoid(flp->tok, &id, FALSE, FALSE); | ||
102 | } | ||
103 | |||
104 | if (ugh != NULL) | ||
105 | diff -Naur openswan-2.6.32-orig/lib/libopenswan/x509dn.c openswan-2.6.32/lib/libopenswan/x509dn.c | ||
106 | --- openswan-2.6.32-orig/lib/libopenswan/x509dn.c 2010-12-17 20:23:54.000000000 -0500 | ||
107 | +++ openswan-2.6.32/lib/libopenswan/x509dn.c 2013-04-24 13:11:05.801140153 -0400 | ||
108 | @@ -476,7 +476,7 @@ | ||
109 | {"TCGID" , {oid_TCGID, 12}, ASN1_PRINTABLESTRING} | ||
110 | }; | ||
111 | |||
112 | -#define X501_RDN_ROOF 24 | ||
113 | +#define X501_RDN_ROOF elemsof(x501rdns) | ||
114 | |||
115 | /* Maximum length of ASN.1 distinquished name */ | ||
116 | #define ASN1_BUF_LEN 512 | ||
117 | @@ -746,11 +746,11 @@ | ||
118 | UNKNOWN_OID = 4 | ||
119 | } state_t; | ||
120 | |||
121 | - u_char oid_len_buf[3]; | ||
122 | - u_char name_len_buf[3]; | ||
123 | - u_char rdn_seq_len_buf[3]; | ||
124 | - u_char rdn_set_len_buf[3]; | ||
125 | - u_char dn_seq_len_buf[3]; | ||
126 | + u_char oid_len_buf[ASN1_MAX_LEN_LEN]; | ||
127 | + u_char name_len_buf[ASN1_MAX_LEN_LEN]; | ||
128 | + u_char rdn_seq_len_buf[ASN1_MAX_LEN_LEN]; | ||
129 | + u_char rdn_set_len_buf[ASN1_MAX_LEN_LEN]; | ||
130 | + u_char dn_seq_len_buf[ASN1_MAX_LEN_LEN]; | ||
131 | |||
132 | chunk_t asn1_oid_len = { oid_len_buf, 0 }; | ||
133 | chunk_t asn1_name_len = { name_len_buf, 0 }; | ||
134 | @@ -768,7 +768,7 @@ | ||
135 | |||
136 | err_t ugh = NULL; | ||
137 | |||
138 | - u_char *dn_ptr = dn->ptr + 4; | ||
139 | + u_char *dn_ptr = dn->ptr + 1 + ASN1_MAX_LEN_LEN; /* leave room for prefix */ | ||
140 | |||
141 | state_t state = SEARCH_OID; | ||
142 | |||
143 | @@ -841,25 +841,37 @@ | ||
144 | code_asn1_length(rdn_set_len, &asn1_rdn_set_len); | ||
145 | |||
146 | /* encode the relative distinguished name */ | ||
147 | - *dn_ptr++ = ASN1_SET; | ||
148 | - chunkcpy(dn_ptr, asn1_rdn_set_len); | ||
149 | - *dn_ptr++ = ASN1_SEQUENCE; | ||
150 | - chunkcpy(dn_ptr, asn1_rdn_seq_len); | ||
151 | - *dn_ptr++ = ASN1_OID; | ||
152 | - chunkcpy(dn_ptr, asn1_oid_len); | ||
153 | - chunkcpy(dn_ptr, x501rdns[pos].oid); | ||
154 | - /* encode the ASN.1 character string type of the name */ | ||
155 | - *dn_ptr++ = (x501rdns[pos].type == ASN1_PRINTABLESTRING | ||
156 | - && !is_printablestring(name))? ASN1_T61STRING : x501rdns[pos].type; | ||
157 | - chunkcpy(dn_ptr, asn1_name_len); | ||
158 | - chunkcpy(dn_ptr, name); | ||
159 | - | ||
160 | - /* accumulate the length of the distinguished name sequence */ | ||
161 | - dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len; | ||
162 | - | ||
163 | - /* reset name and change state */ | ||
164 | - name = empty_chunk; | ||
165 | - state = SEARCH_OID; | ||
166 | + if (IDTOA_BUF < dn_ptr - dn->ptr | ||
167 | + + 1 + asn1_rdn_set_len.len /* set */ | ||
168 | + + 1 + asn1_rdn_seq_len.len /* sequence */ | ||
169 | + + 1 + asn1_oid_len.len + x501rdns[pos].oid.len /* oid len, oid */ | ||
170 | + + 1 + asn1_name_len.len + name.len /* type name */ | ||
171 | + ) { | ||
172 | + /* no room! */ | ||
173 | + ugh = "DN is too big"; | ||
174 | + state = UNKNOWN_OID; | ||
175 | + /* I think that it is safe to continue (but perhaps pointless) */ | ||
176 | + } else { | ||
177 | + *dn_ptr++ = ASN1_SET; | ||
178 | + chunkcpy(dn_ptr, asn1_rdn_set_len); | ||
179 | + *dn_ptr++ = ASN1_SEQUENCE; | ||
180 | + chunkcpy(dn_ptr, asn1_rdn_seq_len); | ||
181 | + *dn_ptr++ = ASN1_OID; | ||
182 | + chunkcpy(dn_ptr, asn1_oid_len); | ||
183 | + chunkcpy(dn_ptr, x501rdns[pos].oid); | ||
184 | + /* encode the ASN.1 character string type of the name */ | ||
185 | + *dn_ptr++ = (x501rdns[pos].type == ASN1_PRINTABLESTRING | ||
186 | + && !is_printablestring(name))? ASN1_T61STRING : x501rdns[pos].type; | ||
187 | + chunkcpy(dn_ptr, asn1_name_len); | ||
188 | + chunkcpy(dn_ptr, name); | ||
189 | + | ||
190 | + /* accumulate the length of the distinguished name sequence */ | ||
191 | + dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len; | ||
192 | + | ||
193 | + /* reset name and change state */ | ||
194 | + name = empty_chunk; | ||
195 | + state = SEARCH_OID; | ||
196 | + } | ||
197 | } | ||
198 | break; | ||
199 | case UNKNOWN_OID: | ||
200 | @@ -867,9 +879,10 @@ | ||
201 | } | ||
202 | } while (*src++ != '\0'); | ||
203 | |||
204 | - /* complete the distinguished name sequence*/ | ||
205 | - code_asn1_length(dn_seq_len, &asn1_dn_seq_len); | ||
206 | - dn->ptr += 3 - asn1_dn_seq_len.len; | ||
207 | + /* complete the distinguished name sequence: prefix it with ASN1_SEQUENCE and length */ | ||
208 | + | ||
209 | + code_asn1_length((size_t)dn_seq_len, &asn1_dn_seq_len); | ||
210 | + dn->ptr += ASN1_MAX_LEN_LEN + 1 - 1 - asn1_dn_seq_len.len; | ||
211 | dn->len = 1 + asn1_dn_seq_len.len + dn_seq_len; | ||
212 | dn_ptr = dn->ptr; | ||
213 | *dn_ptr++ = ASN1_SEQUENCE; | ||
214 | diff -Naur openswan-2.6.32-orig/programs/pluto/connections.c openswan-2.6.32/programs/pluto/connections.c | ||
215 | --- openswan-2.6.32-orig/programs/pluto/connections.c 2013-04-24 13:10:30.520656796 -0400 | ||
216 | +++ openswan-2.6.32/programs/pluto/connections.c 2013-04-24 13:11:05.802140167 -0400 | ||
217 | @@ -891,7 +891,7 @@ | ||
218 | } | ||
219 | else | ||
220 | { | ||
221 | - err_t ugh = atoid(src->id, &dst->id, TRUE); | ||
222 | + err_t ugh = atoid(src->id, &dst->id, TRUE, FALSE); | ||
223 | |||
224 | if (ugh != NULL) | ||
225 | { | ||
226 | diff -Naur openswan-2.6.32-orig/programs/pluto/dnskey.c openswan-2.6.32/programs/pluto/dnskey.c | ||
227 | --- openswan-2.6.32-orig/programs/pluto/dnskey.c 2010-12-17 20:23:54.000000000 -0500 | ||
228 | +++ openswan-2.6.32/programs/pluto/dnskey.c 2013-04-24 13:11:05.803140181 -0400 | ||
229 | @@ -289,8 +289,12 @@ | ||
230 | if (*p == '@') | ||
231 | { | ||
232 | /* gateway specification in this record is @FQDN */ | ||
233 | - err_t ugh = atoid(p, gw_id, FALSE); | ||
234 | |||
235 | + if(strspn(p," ") >= IDTOA_BUF) { | ||
236 | + return builddiag("malformed FQDN in TXT " our_TXT_attr_string ": ID too large for IDTOA_BUF"); | ||
237 | + } | ||
238 | + | ||
239 | + err_t ugh = atoid(p, gw_id, FALSE, TRUE); /* only run OE related parts of atoid() */ | ||
240 | if (ugh != NULL) | ||
241 | return builddiag("malformed FQDN in TXT " our_TXT_attr_string ": %s" | ||
242 | , ugh); | ||
243 | diff -Naur openswan-2.6.32-orig/programs/pluto/myid.c openswan-2.6.32/programs/pluto/myid.c | ||
244 | --- openswan-2.6.32-orig/programs/pluto/myid.c 2010-12-17 20:23:54.000000000 -0500 | ||
245 | +++ openswan-2.6.32/programs/pluto/myid.c 2013-04-24 13:11:05.803140181 -0400 | ||
246 | @@ -103,7 +103,7 @@ | ||
247 | if (idstr != NULL) | ||
248 | { | ||
249 | struct id id; | ||
250 | - err_t ugh = atoid(idstr, &id, FALSE); | ||
251 | + err_t ugh = atoid(idstr, &id, FALSE, FALSE); | ||
252 | |||
253 | if (ugh != NULL) | ||
254 | { | ||
255 | diff -Naur openswan-2.6.32-orig/programs/pluto/rcv_whack.c openswan-2.6.32/programs/pluto/rcv_whack.c | ||
256 | --- openswan-2.6.32-orig/programs/pluto/rcv_whack.c 2013-04-24 13:10:30.392655041 -0400 | ||
257 | +++ openswan-2.6.32/programs/pluto/rcv_whack.c 2013-04-24 13:11:05.803140181 -0400 | ||
258 | @@ -243,7 +243,7 @@ | ||
259 | key_add_request(const struct whack_message *msg) | ||
260 | { | ||
261 | struct id keyid; | ||
262 | - err_t ugh = atoid(msg->keyid, &keyid, FALSE); | ||
263 | + err_t ugh = atoid(msg->keyid, &keyid, FALSE, FALSE); | ||
264 | |||
265 | if (ugh != NULL) | ||
266 | { | ||
267 | diff -Naur openswan-2.6.32-orig/programs/showhostkey/showhostkey.c openswan-2.6.32/programs/showhostkey/showhostkey.c | ||
268 | --- openswan-2.6.32-orig/programs/showhostkey/showhostkey.c 2010-12-17 20:23:54.000000000 -0500 | ||
269 | +++ openswan-2.6.32/programs/showhostkey/showhostkey.c 2013-04-24 13:11:05.804140194 -0400 | ||
270 | @@ -208,7 +208,7 @@ | ||
271 | struct secret *s; | ||
272 | err_t e; | ||
273 | |||
274 | - e = atoid(idname, &id, FALSE); | ||
275 | + e = atoid(idname, &id, FALSE, FALSE); | ||
276 | if(e) { | ||
277 | printf("%s: key '%s' is invalid\n", progname, idname); | ||
278 | exit(4); | ||
diff --git a/main/openswan/openswan-libreswan-backport-949437-do_3des.patch b/main/openswan/openswan-libreswan-backport-949437-do_3des.patch new file mode 100644 index 0000000000..75dbe3b636 --- /dev/null +++ b/main/openswan/openswan-libreswan-backport-949437-do_3des.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | From acdd65497d164082e0462b3f2d4407f0c50ccf71 Mon Sep 17 00:00:00 2001 | ||
2 | From: Florian Weimer <fweimer@redhat.com> | ||
3 | Date: Wed, 10 Apr 2013 10:32:52 +0200 | ||
4 | Subject: [PATCH 06/10] do_3des: Abort on failure | ||
5 | |||
6 | The routine cannot signal encryption failures to the caller | ||
7 | and would leave the buffer unencrypted on error. | ||
8 | --- | ||
9 | lib/libopenswan/pem.c | 14 ++++++++++---- | ||
10 | 1 file changed, 10 insertions(+), 4 deletions(-) | ||
11 | |||
12 | diff --git a/lib/libopenswan/pem.c b/lib/libopenswan/pem.c | ||
13 | index 36da401..d42655a 100644 | ||
14 | --- a/lib/libopenswan/pem.c | ||
15 | +++ b/lib/libopenswan/pem.c | ||
16 | @@ -483,7 +483,7 @@ void do_3des_nss(u_int8_t *buf, size_t buf_len | ||
17 | memcpy(&symkey, key, key_size); | ||
18 | if (symkey == NULL) { | ||
19 | loglog(RC_LOG_SERIOUS, "do_3des: NSS derived enc key is NULL \n"); | ||
20 | - goto out; | ||
21 | + abort(); | ||
22 | } | ||
23 | |||
24 | ivitem.type = siBuffer; | ||
25 | @@ -493,7 +493,7 @@ void do_3des_nss(u_int8_t *buf, size_t buf_len | ||
26 | secparam = PK11_ParamFromIV(ciphermech, &ivitem); | ||
27 | if (secparam == NULL) { | ||
28 | loglog(RC_LOG_SERIOUS, "do_3des: Failure to set up PKCS11 param (err %d)\n",PR_GetError()); | ||
29 | - goto out; | ||
30 | + abort(); | ||
31 | } | ||
32 | |||
33 | outlen = 0; | ||
34 | @@ -505,8 +505,15 @@ void do_3des_nss(u_int8_t *buf, size_t buf_len | ||
35 | } | ||
36 | |||
37 | enccontext = PK11_CreateContextBySymKey(ciphermech, enc? CKA_ENCRYPT: CKA_DECRYPT, symkey, secparam); | ||
38 | + if (enccontext == NULL) { | ||
39 | + loglog(RC_LOG_SERIOUS, "do_3des: PKCS11 context creation failure (err %d)\n", PR_GetError()); | ||
40 | + abort(); | ||
41 | + } | ||
42 | rv = PK11_CipherOp(enccontext, tmp_buf, &outlen, buf_len, buf, buf_len); | ||
43 | - passert(rv==SECSuccess); | ||
44 | + if (rv != SECSuccess) { | ||
45 | + loglog(RC_LOG_SERIOUS, "do_3des: PKCS11 operation failure (err %d)\n", PR_GetError()); | ||
46 | + abort(); | ||
47 | + } | ||
48 | |||
49 | if(enc) { | ||
50 | memcpy(new_iv, (char*) tmp_buf + buf_len-DES_CBC_BLOCK_SIZE, DES_CBC_BLOCK_SIZE); | ||
51 | @@ -518,7 +525,6 @@ void do_3des_nss(u_int8_t *buf, size_t buf_len | ||
52 | PR_Free(tmp_buf); | ||
53 | PR_Free(new_iv); | ||
54 | |||
55 | -out: | ||
56 | if (secparam) { | ||
57 | SECITEM_FreeItem(secparam, PR_TRUE); | ||
58 | } | ||
59 | -- | ||
60 | 1.8.1.4 | ||
61 | |||
diff --git a/main/openswan/openswan-libreswan-backport-949437-do_aes.patch b/main/openswan/openswan-libreswan-backport-949437-do_aes.patch new file mode 100644 index 0000000000..aedb4d34ab --- /dev/null +++ b/main/openswan/openswan-libreswan-backport-949437-do_aes.patch | |||
@@ -0,0 +1,62 @@ | |||
1 | From ee267f812f6d72da400cc24265c399c3e9048a8a Mon Sep 17 00:00:00 2001 | ||
2 | From: Florian Weimer <fweimer@redhat.com> | ||
3 | Date: Wed, 10 Apr 2013 10:33:02 +0200 | ||
4 | Subject: [PATCH 07/10] do_aes: Abort on failure | ||
5 | |||
6 | The routine cannot signal encryption failures to the caller | ||
7 | and would leave the buffer unencrypted on error. | ||
8 | --- | ||
9 | programs/pluto/ike_alg_aes.c | 15 ++++++++++----- | ||
10 | 1 file changed, 10 insertions(+), 5 deletions(-) | ||
11 | |||
12 | diff --git a/programs/pluto/ike_alg_aes.c b/programs/pluto/ike_alg_aes.c | ||
13 | index 1d4aada..95999bb 100644 | ||
14 | --- a/programs/pluto/ike_alg_aes.c | ||
15 | +++ b/programs/pluto/ike_alg_aes.c | ||
16 | @@ -48,7 +48,7 @@ do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t * | ||
17 | |||
18 | if (symkey == NULL) { | ||
19 | loglog(RC_LOG_SERIOUS, "do_aes: NSS derived enc key in NULL\n"); | ||
20 | - goto out; | ||
21 | + abort(); | ||
22 | } | ||
23 | |||
24 | ivitem.type = siBuffer; | ||
25 | @@ -58,7 +58,7 @@ do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t * | ||
26 | secparam = PK11_ParamFromIV(ciphermech, &ivitem); | ||
27 | if (secparam == NULL) { | ||
28 | loglog(RC_LOG_SERIOUS, "do_aes: Failure to set up PKCS11 param (err %d)\n",PR_GetError()); | ||
29 | - goto out; | ||
30 | + abort(); | ||
31 | } | ||
32 | |||
33 | outlen = 0; | ||
34 | @@ -69,8 +69,15 @@ do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t * | ||
35 | } | ||
36 | |||
37 | enccontext = PK11_CreateContextBySymKey(ciphermech, enc? CKA_ENCRYPT : CKA_DECRYPT, symkey, secparam); | ||
38 | + if (enccontext == NULL) { | ||
39 | + loglog(RC_LOG_SERIOUS, "do_aes: PKCS11 context creation failure (err %d)\n", PR_GetError()); | ||
40 | + abort(); | ||
41 | + } | ||
42 | rv = PK11_CipherOp(enccontext, tmp_buf, &outlen, buf_len, buf, buf_len); | ||
43 | - passert(rv==SECSuccess); | ||
44 | + if (rv != SECSuccess) { | ||
45 | + loglog(RC_LOG_SERIOUS, "do_aes: PKCS11 operation failure (err %d)\n", PR_GetError()); | ||
46 | + abort(); | ||
47 | + } | ||
48 | PK11_DestroyContext(enccontext, PR_TRUE); | ||
49 | memcpy(buf,tmp_buf,buf_len); | ||
50 | |||
51 | @@ -81,8 +88,6 @@ do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t * | ||
52 | memcpy(iv, new_iv, AES_CBC_BLOCK_SIZE); | ||
53 | PR_Free(tmp_buf); | ||
54 | |||
55 | -out: | ||
56 | - | ||
57 | if (secparam) | ||
58 | SECITEM_FreeItem(secparam, PR_TRUE); | ||
59 | DBG(DBG_CRYPT, DBG_log("NSS do_aes: exit")); | ||
60 | -- | ||
61 | 1.8.1.4 | ||
62 | |||
diff --git a/main/openswan/openswan-libreswan-backport-949437-x509dn.patch b/main/openswan/openswan-libreswan-backport-949437-x509dn.patch new file mode 100644 index 0000000000..2d41293771 --- /dev/null +++ b/main/openswan/openswan-libreswan-backport-949437-x509dn.patch | |||
@@ -0,0 +1,79 @@ | |||
1 | diff --git a/lib/libopenswan/x509dn.c b/lib/libopenswan/x509dn.c | ||
2 | index 7731856..43c4bb5 100644 | ||
3 | --- a/lib/libopenswan/x509dn.c | ||
4 | +++ b/lib/libopenswan/x509dn.c | ||
5 | @@ -477,11 +477,25 @@ static const x501rdn_t x501rdns[] = { | ||
6 | /* Maximum length of ASN.1 distinquished name */ | ||
7 | #define ASN1_BUF_LEN 512 | ||
8 | |||
9 | +static void format_chunk(chunk_t *ch, const char *format, ...) PRINTF_LIKE(2); | ||
10 | + | ||
11 | static void | ||
12 | -update_chunk(chunk_t *ch, int n) | ||
13 | +format_chunk(chunk_t *ch, const char *format, ...) | ||
14 | { | ||
15 | - n = (n > -1 && n < (int)ch->len)? n : (int)ch->len-1; | ||
16 | - ch->ptr += n; ch->len -= n; | ||
17 | + if (ch->len > 0) { | ||
18 | + size_t len = ch->len; | ||
19 | + va_list args; | ||
20 | + va_start(args, format); | ||
21 | + int ret = vsnprintf((char *)ch->ptr, len, format, args); | ||
22 | + va_end(args); | ||
23 | + if (ret < 0 || ret > len) { | ||
24 | + ch->ptr += len; | ||
25 | + ch->len = 0; | ||
26 | + } else { | ||
27 | + ch->ptr += ret; | ||
28 | + ch->len -= ret; | ||
29 | + } | ||
30 | + } | ||
31 | } | ||
32 | |||
33 | |||
34 | @@ -612,9 +626,7 @@ dn_parse(chunk_t dn, chunk_t *str) | ||
35 | err_t ugh; | ||
36 | |||
37 | if(dn.ptr == NULL) { | ||
38 | - const char *e = "(empty)"; | ||
39 | - strncpy((char *)str->ptr, e, str->len); | ||
40 | - update_chunk(str, strlen(e)); | ||
41 | + format_chunk(str, "(empty)"); | ||
42 | return NULL; | ||
43 | } | ||
44 | ugh = init_rdn(dn, &rdn, &attribute, &next); | ||
45 | @@ -632,19 +644,17 @@ dn_parse(chunk_t dn, chunk_t *str) | ||
46 | if (first) /* first OID/value pair */ | ||
47 | first = FALSE; | ||
48 | else /* separate OID/value pair by a comma */ | ||
49 | - update_chunk(str, snprintf((char *)str->ptr,str->len,", ")); | ||
50 | + format_chunk(str, ", "); | ||
51 | |||
52 | /* print OID */ | ||
53 | oid_code = known_oid(oid); | ||
54 | if (oid_code == OID_UNKNOWN) /* OID not found in list */ | ||
55 | hex_str(oid, str); | ||
56 | else | ||
57 | - update_chunk(str, snprintf((char *)str->ptr,str->len,"%s", | ||
58 | - oid_names[oid_code].name)); | ||
59 | + format_chunk(str, "%s", oid_names[oid_code].name); | ||
60 | |||
61 | /* print value */ | ||
62 | - update_chunk(str, snprintf((char *)str->ptr,str->len,"=%.*s", | ||
63 | - (int)value.len,value.ptr)); | ||
64 | + format_chunk(str, "=%.*s", (int)value.len, value.ptr); | ||
65 | } | ||
66 | return NULL; | ||
67 | } | ||
68 | @@ -684,9 +694,9 @@ void | ||
69 | hex_str(chunk_t bin, chunk_t *str) | ||
70 | { | ||
71 | u_int i; | ||
72 | - update_chunk(str, snprintf((char *)str->ptr,str->len,"0x")); | ||
73 | + format_chunk(str, "0x"); | ||
74 | for (i=0; i < bin.len; i++) | ||
75 | - update_chunk(str, snprintf((char *)str->ptr,str->len,"%02X",*bin.ptr++)); | ||
76 | + format_chunk(str, "%02X", *bin.ptr++); | ||
77 | } | ||
78 | |||
79 | |||