| Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame^] | 1 | [PATCH] fix CVE-2015-4047 |
| 2 | |
| 3 | Upstream-Status: Backport |
| 4 | |
| 5 | http://www.openwall.com/lists/oss-security/2015/05/20/1 |
| 6 | |
| 7 | racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause |
| 8 | a denial of service (NULL pointer dereference and IKE daemon crash) via |
| 9 | a series of crafted UDP requests. |
| 10 | |
| 11 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047 |
| 12 | |
| 13 | Signed-off-by: Roy Li <rongqing.li@windriver.com> |
| 14 | --- |
| 15 | src/racoon/gssapi.c | 5 +++++ |
| 16 | 1 file changed, 5 insertions(+) |
| 17 | |
| 18 | diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c |
| 19 | index e64b201..1ad3b42 100644 |
| 20 | --- a/src/racoon/gssapi.c |
| 21 | +++ b/src/racoon/gssapi.c |
| 22 | @@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1) |
| 23 | gss_name_t princ, canon_princ; |
| 24 | OM_uint32 maj_stat, min_stat; |
| 25 | |
| 26 | + if (iph1->rmconf == NULL) { |
| 27 | + plog(LLV_ERROR, LOCATION, NULL, "no remote config\n"); |
| 28 | + return -1; |
| 29 | + } |
| 30 | + |
| 31 | gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state)); |
| 32 | if (gps == NULL) { |
| 33 | plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n"); |
| 34 | -- |
| 35 | 1.9.1 |
| 36 | |