commit strongswan for openSUSE:Factory
Hello community, here is the log from the commit of package strongswan for openSUSE:Factory checked in at Fri Aug 13 02:40:56 CEST 2010.
--------
--- strongswan/strongswan.changes 2010-07-02 16:19:24.000000000 +0200
+++ /mounts/work_src_done/STABLE/strongswan/strongswan.changes 2010-08-02 12:52:54.000000000 +0200
@@ -1,0 +2,7 @@
+Fri Jul 2 15:40:17 UTC 2010 - mt@suse.de
+
+- Applied upstream patch fixing snprintf flaws in the strongSwan
+ IKE daemons exploitable by unauthenticated attackers using a
+ crafted certificate or identification payload (bnc#615915).
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
 strongswan-4.4.0-snprintf-fix.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ strongswan.spec ++++++
--- /var/tmp/diff_new_pack.zSQHG2/_old 2010-08-13 02:40:15.000000000 +0200
+++ /var/tmp/diff_new_pack.zSQHG2/_new 2010-08-13 02:40:15.000000000 +0200
@@ -23,7 +23,7 @@
 %define strongswan_docdir %{_docdir}/%{name}
 %define strongswan_plugins %{_libexecdir}/ipsec/plugins
 Version: 4.4.0
-Release: 2
+Release: 6
 License: GPLv2+
 Group: Productivity/Networking/Security
 Summary: OpenSource IPsec-based VPN Solution
@@ -38,6 +38,7 @@
 Source3: %{name}-%{version}-rpmlintrc
 Source4: README.SUSE
 Patch1: %{name}_modprobe_syslog.patch
+Patch2: %{name}-4.4.0-snprintf-fix.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: bison flex gmp-devel gperf pkg-config
 BuildRequires: libcap-devel
@@ -189,6 +190,7 @@
 %prep
 %setup -q -n %{name}-%{upstream_version}
 %patch1 -p0
+%patch2 -p1
 sed -e 's|@libexecdir@|%_libexecdir|g' \
 < $RPM_SOURCE_DIR/strongswan.init.in \
 > strongswan.init
++++++ strongswan-4.4.0-snprintf-fix.diff ++++++
From 96e2f9f3a70a7c918772f7dde57c6cb8befbc60e Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Fri, 18 Jun 2010 09:18:27 +0200
Subject: [PATCH] snprintf() fixes, version 4.4.0
---
 .../credentials/ietf_attributes/ietf_attributes.c | 13 +++++++++++--
 src/libstrongswan/utils/identification.c | 12 ++++++++++++
 src/pluto/x509.c | 4 ++++
 3 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
index ff3ddeb..de5b85b 100644
--- a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
+++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
@@ -159,7 +159,7 @@ static char* get_string(private_ietf_attributes_t *this)
 enumerator = this->list->create_enumerator(this->list);
 while (enumerator->enumerate(enumerator, &attr))
 {
- int written = 0;
+ int written;
 if (first)
 {
@@ -168,8 +168,12 @@ static char* get_string(private_ietf_attributes_t *this)
 else
 {
 written = snprintf(pos, len, ", ");
+ if (written < 0 || written >= len)
+ {
+ break;
+ }
 pos += written;
- len -= written;
+ len -= written;
 }
 switch (attr->type)
@@ -194,8 +198,13 @@ static char* get_string(private_ietf_attributes_t *this)
 break;
 }
 default:
+ written = 0;
 break;
 }
+ if (written < 0 || written >= len)
+ {
+ break;
+ }
 pos += written;
 len -= written;
 }
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 6a3c393..6ccfa19 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
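Review bot: In get_string() in ietf_attributes.c, the first hunk drops the initializer (`int written;`), so the guard added after the switch in the third hunk now depends on every `case` of `switch (attr->type)` assigning `written`; only the `default:` arm's `written = 0;` is visible. If some arm does not assign it, the guard and `pos += written` would use an indeterminate value on the first attribute, or the stale length of the `", "` separator on later ones. Resetting it once with `written = 0;` immediately before `switch (attr->type)` removes that dependency and makes the assignment in `default:` unnecessary. The case bodies lie between the second and third hunks and are not shown, so this should be confirmed against the full function.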
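Review bot: The truncation guard added after `written = snprintf(pos, len, ", ");` in get_string() carries no comment saying why it tests `>=` rather than `>`, and the same four lines recur in the third hunk of this file, three times in dntoa() and once in list_x509cert_chain(). A one-line comment at each site (or once on a shared helper) would protect it from later edits, for example `/* snprintf() returns the untruncated length: stop on error or truncation so len never drops below 1 */`. Since the loop simply breaks, the caller receives a shortened string with no indication; whether any caller needs to tell a truncated attribute or DN string from a complete one is not visible in these hunks and is worth confirming.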
@@ -297,18 +297,30 @@ static void dntoa(chunk_t dn, char *buf, size_t len)
 {
 written = snprintf(buf, len,"%s=", oid_names[oid].name);
 }
+ if (written < 0 || written >= len)
+ {
+ break;
+ }
 buf += written;
 len -= written;
 chunk_printable(data, &printable, '?');
 written = snprintf(buf, len, "%.*s", printable.len, printable.ptr);
 chunk_free(&printable);
+ if (written < 0 || written >= len)
+ {
+ break;
+ }
 buf += written;
 len -= written;
 if (data.ptr + data.len != dn.ptr + dn.len)
 {
 written = snprintf(buf, len, ", ");
+ if (written < 0 || written >= len)
+ {
+ break;
+ }
 buf += written;
 len -= written;
 }
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index 0a29830..0abebc6 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -393,6 +393,10 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
 {
 written = snprintf(pos, len, ", %Y", id);
 }
+ if (written < 0 || written >= len)
+ {
+ break;
+ }
 pos += written;
 len -= written;
 }
-- 
1.7.0.4
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
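Review bot: In dntoa(), the context line `written = snprintf(buf, len, "%.*s", printable.len, printable.ptr);` passes `printable.len` as the `*` precision, which must be an `int`; `printable` is handed to chunk_printable() and chunk_free(), so it is presumably a chunk_t whose `len` is `size_t`. Passing a wider type through the variadic call is undefined behaviour, and the precision is the only bound on how much of `printable.ptr` is read, so it should not depend on how the ABI happens to pass the argument. The commit leaves this line unchanged; I would convert explicitly, `written = snprintf(buf, len, "%.*s", (int)printable.len, printable.ptr);`, ideally after checking that the length fits in an `int`. dntoa()'s body starts and ends outside the hunk, so the declaration of `printable` should be confirmed there.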