meta-openembedded/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch - openbmc/openbmc - Gitiles

 Subject: [PATCH] ipsec-tools: racoon: check several invalid pointers

 Upstream-Status: Pending

 Add checking for invalid pointers, or it will crash racoon.

 Signed-off-by: Ming Liu <ming.liu@windriver.com>
 ---
  ipsec_doi.c    |    5 +++--
  isakmp_cfg.c   |    7 +++++++
  isakmp_quick.c |    6 ++++--
  3 files changed, 14 insertions(+), 4 deletions(-)

 diff -urpN a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c
 --- a/src/racoon/ipsec_doi.c
 +++ b/src/racoon/ipsec_doi.c
 @@ -3374,8 +3374,9 @@ ipsecdoi_chkcmpids( idt, ids, exact )

  	/* handle wildcard IDs */

 -	if (idt == NULL || ids == NULL)
 -	{
 +	if (idt == NULL || ids == NULL ||
 +	    idt->v == NULL || idt->l == 0 ||
 +	    ids->v == NULL || ids->l == 0) {
  		if( !exact )
  		{
  			plog(LLV_DEBUG, LOCATION, NULL,
 diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
 --- a/src/racoon/isakmp_cfg.c
 +++ b/src/racoon/isakmp_cfg.c
 @@ -1138,6 +1138,13 @@ isakmp_cfg_newiv(iph1, msgid)
  		return NULL;
  	}

 +	if (iph1->ivm == NULL || iph1->ivm->iv == NULL ||
 +	    iph1->ivm->iv->v == NULL || iph1->ivm->iv->l == 0) {
 +		plog(LLV_ERROR, LOCATION, NULL,
 +		    "isakmp_cfg_newiv called with invalid IV management\n");
 +		return NULL;
 +	}
 +
  	if (ics->ivm != NULL)
  		oakley_delivm(ics->ivm);

 diff -urpN a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c
 --- a/src/racoon/isakmp_quick.c
 +++ b/src/racoon/isakmp_quick.c
 @@ -2243,8 +2243,10 @@ get_proposal_r(iph2)
  	int error = ISAKMP_INTERNAL_ERROR;

  	/* check the existence of ID payload */
 -	if ((iph2->id_p != NULL && iph2->id == NULL)
 -	 || (iph2->id_p == NULL && iph2->id != NULL)) {
 +	if ((iph2->id_p != NULL &&
 +	    (iph2->id == NULL || iph2->id->v == NULL || iph2->id->l == 0)) ||
 +	    (iph2->id != NULL &&
 +	    (iph2->id_p == NULL || iph2->id_p->v == NULL || iph2->id_p->l == 0))) {
  		plog(LLV_ERROR, LOCATION, NULL,
  			"Both IDs wasn't found in payload.\n");
  		return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
	Subject: [PATCH] ipsec-tools: racoon: check several invalid pointers

	Upstream-Status: Pending

	Add checking for invalid pointers, or it will crash racoon.

	Signed-off-by: Ming Liu <ming.liu@windriver.com>
	---
	ipsec_doi.c \| 5 +++--
	isakmp_cfg.c \| 7 +++++++
	isakmp_quick.c \| 6 ++++--
	3 files changed, 14 insertions(+), 4 deletions(-)

	diff -urpN a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c
	--- a/src/racoon/ipsec_doi.c
	+++ b/src/racoon/ipsec_doi.c
	@@ -3374,8 +3374,9 @@ ipsecdoi_chkcmpids( idt, ids, exact )

	/* handle wildcard IDs */

	- if (idt == NULL \|\| ids == NULL)
	- {
	+ if (idt == NULL \|\| ids == NULL \|\|
	+ idt->v == NULL \|\| idt->l == 0 \|\|
	+ ids->v == NULL \|\| ids->l == 0) {
	if( !exact )
	{
	plog(LLV_DEBUG, LOCATION, NULL,
	diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
	--- a/src/racoon/isakmp_cfg.c
	+++ b/src/racoon/isakmp_cfg.c
	@@ -1138,6 +1138,13 @@ isakmp_cfg_newiv(iph1, msgid)
	return NULL;
	}

	+ if (iph1->ivm == NULL \|\| iph1->ivm->iv == NULL \|\|
	+ iph1->ivm->iv->v == NULL \|\| iph1->ivm->iv->l == 0) {
	+ plog(LLV_ERROR, LOCATION, NULL,
	+ "isakmp_cfg_newiv called with invalid IV management\n");
	+ return NULL;
	+ }
	+
	if (ics->ivm != NULL)
	oakley_delivm(ics->ivm);

	diff -urpN a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c
	--- a/src/racoon/isakmp_quick.c
	+++ b/src/racoon/isakmp_quick.c
	@@ -2243,8 +2243,10 @@ get_proposal_r(iph2)
	int error = ISAKMP_INTERNAL_ERROR;

	/* check the existence of ID payload */
	- if ((iph2->id_p != NULL && iph2->id == NULL)
	- \|\| (iph2->id_p == NULL && iph2->id != NULL)) {
	+ if ((iph2->id_p != NULL &&
	+ (iph2->id == NULL \|\| iph2->id->v == NULL \|\| iph2->id->l == 0)) \|\|
	+ (iph2->id != NULL &&
	+ (iph2->id_p == NULL \|\| iph2->id_p->v == NULL \|\| iph2->id_p->l == 0))) {
	plog(LLV_ERROR, LOCATION, NULL,
	"Both IDs wasn't found in payload.\n");
	return ISAKMP_NTYPE_INVALID_ID_INFORMATION;