Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1:kernel-2.6.32
novell-ipsec-tools
novell-ipsec-tools_CVE-2009-1632.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File novell-ipsec-tools_CVE-2009-1632.patch of Package novell-ipsec-tools
Index: ipsec-tools-0.7.1/src/racoon/crypto_openssl.c =================================================================== --- ipsec-tools-0.7.1.orig/src/racoon/crypto_openssl.c +++ ipsec-tools-0.7.1/src/racoon/crypto_openssl.c @@ -895,6 +895,7 @@ eay_check_x509sign(source, sig, cert) x509 = d2i_X509(NULL, (void *)&bp, cert->l); if (x509 == NULL) { plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror()); + X509_free(x509); return -1; } @@ -907,6 +908,7 @@ eay_check_x509sign(source, sig, cert) res = eay_rsa_verify(source, sig, evp->pkey.rsa); EVP_PKEY_free(evp); + X509_free(x509); return res; } Index: ipsec-tools-0.7.1/src/racoon/nattraversal.c =================================================================== --- ipsec-tools-0.7.1.orig/src/racoon/nattraversal.c +++ ipsec-tools-0.7.1/src/racoon/nattraversal.c @@ -336,7 +336,7 @@ int plugin_update_natt_options(struct ph void natt_float_ports (struct ph1handle *iph1) { - if (! (iph1->natt_flags && NAT_DETECTED) ) + if (! (iph1->natt_flags & NAT_DETECTED) ) return; if (! iph1->natt_options->float_port){ /* Drafts 00 / 01, just schedule keepalive */ @@ -381,6 +381,15 @@ natt_handle_vendorid (struct ph1handle * iph1->natt_flags |= NAT_ANNOUNCED; } +static void +natt_keepalive_delete (struct natt_ka_addrs *ka) +{ + TAILQ_REMOVE (&ka_tree, ka, chain); + racoon_free (ka->src); + racoon_free (ka->dst); + racoon_free (ka); +} + #ifdef PLUGINS_SUPPORT void natt_handle_private_vendorid (struct ph1handle *iph1, void *d) @@ -420,8 +429,7 @@ natt_keepalive_send (void *param) s = getsockmyaddr(ka->src); if (s == -1) { - TAILQ_REMOVE (&ka_tree, ka, chain); - racoon_free (ka); + natt_keepalive_delete(ka); continue; } plog (LLV_DEBUG, LOCATION, NULL, "KA: %s\n", @@ -522,8 +530,7 @@ natt_keepalive_remove (struct sockaddr * plog (LLV_DEBUG, LOCATION, NULL, "KA removing this one...\n"); - TAILQ_REMOVE (&ka_tree, ka, chain); - racoon_free (ka); + natt_keepalive_delete (ka); /* Should we break here? Every pair of addresses should be inserted only once, but who knows :-) Lets traverse the whole list... */ Index: ipsec-tools-0.7.1/src/racoon/isakmp_frag.c =================================================================== --- ipsec-tools-0.7.1.orig/src/racoon/isakmp_frag.c +++ ipsec-tools-0.7.1/src/racoon/isakmp_frag.c @@ -199,7 +199,8 @@ isakmp_frag_extract(iph1, msg) * frag->len is the frag payload data plus the frag payload header, * whose size is sizeof(*frag) */ - if (msg->l < sizeof(*isakmp) + ntohs(frag->len)) { + if (msg->l < sizeof(*isakmp) + ntohs(frag->len) || + ntohs(frag->len) < sizeof(*frag) + 1) { plog(LLV_ERROR, LOCATION, NULL, "Fragment too short\n"); return -1; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor