| [PATCH] fix CVE-2015-4047 |
| |
| Upstream-Status: Backport |
| |
| CVE: CVE-2015-4047 |
| |
| http://www.openwall.com/lists/oss-security/2015/05/20/1 |
| |
| racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause |
| a denial of service (NULL pointer dereference and IKE daemon crash) via |
| a series of crafted UDP requests. |
| |
| https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047 |
| |
| Signed-off-by: Roy Li <rongqing.li@windriver.com> |
| --- |
| src/racoon/gssapi.c | 5 +++++ |
| 1 file changed, 5 insertions(+) |
| |
| diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c |
| index e64b201..1ad3b42 100644 |
| --- a/src/racoon/gssapi.c |
| +++ b/src/racoon/gssapi.c |
| @@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1) |
| gss_name_t princ, canon_princ; |
| OM_uint32 maj_stat, min_stat; |
| |
| + if (iph1->rmconf == NULL) { |
| + plog(LLV_ERROR, LOCATION, NULL, "no remote config\n"); |
| + return -1; |
| + } |
| + |
| gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state)); |
| if (gps == NULL) { |
| plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n"); |
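Review bot: The added guard logs "no remote config" with a NULL address argument, so the log line does not identify the peer that triggered a condition the commit message describes as remotely reachable. If the handle's peer address is populated at this point (to be confirmed against `struct ph1handle`), passing it would make repeated hits attributable during triage: `plog(LLV_ERROR, LOCATION, iph1->remote, "no remote config\n");`. A one-line comment above the check, such as `/* rmconf can be NULL on crafted requests; see CVE-2015-4047 */`, would keep a later cleanup from dropping it as dead code. The body of gssapi_init starts and ends outside the hunk, so it is not visible here whether callers treat the new -1 return as a hard failure or whether other functions in gssapi.c dereference `iph1->rmconf` without the same check.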
| -- |
| 1.9.1 |
| |