diff options
| author | Eugene Grosbein <eugen@FreeBSD.org> | 2018-04-14 12:07:58 +0000 |
|---|---|---|
| committer | Eugene Grosbein <eugen@FreeBSD.org> | 2018-04-14 12:07:58 +0000 |
| commit | 4e95cbb2484f3f840f93e0e14fc0b2ecbc322714 (patch) | |
| tree | 32fb05d121160a80b9c639b35ebdecbc4162b9d9 /security/ipsec-tools/files/patch-isakmp.c | |
| parent | Add a port of IOWOW, persistent and fast key-value database engine based (diff) | |
security/ipsec-tools: fix CVE-2016-10396
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
computational-complexity attack when parsing and storing ISAKMP fragments.
The implementation permits a remote attacker to exhaust computational
resources on the remote endpoint by repeatedly sending ISAKMP fragment
packets in a particular order such that the worst-case computational
complexity is realized in the algorithm utilized to determine
if reassembly of the fragments can take place.
The fix obtained from NetBSD CVS head with a command:
cvs diff -D 2017-01-24 -D 2017-09-01 \
src/racoon/handler.h \
src/racoon/isakmp.c \
src/racoon/isakmp_frag.c \
src/racoon/isakmp_inf.c
While here, add LICENSE.
PR: 225066
Approved by: VANHULLEBUS Yvan (maintainer timeout, 3 months)
Obtained from: NetBSD
MFH: 2018Q1
Security: CVE-2016-10396
Diffstat (limited to 'security/ipsec-tools/files/patch-isakmp.c')
| -rw-r--r-- | security/ipsec-tools/files/patch-isakmp.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/ipsec-tools/files/patch-isakmp.c b/security/ipsec-tools/files/patch-isakmp.c new file mode 100644 index 000000000000..50d6cd043d56 --- /dev/null +++ b/security/ipsec-tools/files/patch-isakmp.c @@ -0,0 +1,30 @@ +Index: src/racoon/isakmp.c +=================================================================== +RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v +retrieving revision 1.75 +retrieving revision 1.76 +diff -p -u -r1.75 -r1.76 +--- src/racoon/isakmp.c 9 Mar 2016 22:27:17 -0000 1.75 ++++ src/racoon/isakmp.c 24 Jan 2017 19:23:56 -0000 1.76 +@@ -1,4 +1,4 @@ +-/* $NetBSD: isakmp.c,v 1.75 2016/03/09 22:27:17 christos Exp $ */ ++/* $NetBSD: isakmp.c,v 1.76 2017/01/24 19:23:56 christos Exp $ */ + + /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */ + +@@ -1077,6 +1077,7 @@ isakmp_ph1begin_i(rmconf, remote, local) + iph1->frag = 1; + else + iph1->frag = 0; ++ iph1->frag_last_index = 0; + iph1->frag_chain = NULL; + #endif + iph1->approval = NULL; +@@ -1181,6 +1182,7 @@ isakmp_ph1begin_r(msg, remote, local, et + #endif + #ifdef ENABLE_FRAG + iph1->frag = 0; ++ iph1->frag_last_index = 0; + iph1->frag_chain = NULL; + #endif + iph1->approval = NULL; |