Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / c7537e7c9f1306129bc0f793c217c6646191b45e / . / meta-openembedded / meta-networking / recipes-support / ipsec-tools / ipsec-tools / fix-CVE-2015-4047.patch
blob: 7e033af5ee4e93fa7694516946b013a91a2ba189 [file] [log] [blame]
[PATCH] fix CVE-2015-4047
Upstream-Status: Backport
CVE: CVE-2015-4047
http://www.openwall.com/lists/oss-security/2015/05/20/1
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause
a denial of service (NULL pointer dereference and IKE daemon crash) via
a series of crafted UDP requests.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
src/racoon/gssapi.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c
index e64b201..1ad3b42 100644
--- a/src/racoon/gssapi.c
+++ b/src/racoon/gssapi.c
@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
gss_name_t princ, canon_princ;
OM_uint32 maj_stat, min_stat;
+ if (iph1->rmconf == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
+ return -1;
+ }
+
gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
if (gps == NULL) {
plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
--
1.9.1