* [Buildroot] [git commit] package/ipsec-tools: add security patch to fix CVE-2015-4047
@ 2017-06-05 8:06 Thomas Petazzoni
0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni @ 2017-06-05 8:06 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=ff97e66c56512644577e8e86019f92bf935ed29e
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
package/ipsec-tools/0004-CVE-2015-4047.patch | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/package/ipsec-tools/0004-CVE-2015-4047.patch b/package/ipsec-tools/0004-CVE-2015-4047.patch
new file mode 100644
index 0000000..f53fe5c
--- /dev/null
+++ b/package/ipsec-tools/0004-CVE-2015-4047.patch
@@ -0,0 +1,26 @@
+ipsec-tools: CVE-2015-4047: null pointer dereference crash in racoon
+
+See: https://bugs.gentoo.org/show_bug.cgi?id=550118
+
+Downloaded from
+https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2015-4047.patch
+
+See also
+https://sources.debian.net/src/ipsec-tools/1:0.8.2%2B20140711-8/debian/patches/bug785778-null-pointer-deref.patch/
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+
+--- ./src/racoon/gssapi.c 9 Sep 2006 16:22:09 -0000 1.4
++++ ./src/racoon/gssapi.c 19 May 2015 15:16:00 -0000 1.6
+@@ -192,6 +192,11 @@
+ gss_name_t princ, canon_princ;
+ OM_uint32 maj_stat, min_stat;
+
++ if (iph1->rmconf == NULL) {
++ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
++ return -1;
++ }
++
+ gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
+ if (gps == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2017-06-05 8:06 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-05 8:06 [Buildroot] [git commit] package/ipsec-tools: add security patch to fix CVE-2015-4047 Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.