blob: 5286376ac671121cc210beb18b8273e2c35169ec (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
[PATCH] fix CVE-2015-4047
Upstream-Status: Backport
http://www.openwall.com/lists/oss-security/2015/05/20/1
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause
a denial of service (NULL pointer dereference and IKE daemon crash) via
a series of crafted UDP requests.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
src/racoon/gssapi.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c
index e64b201..1ad3b42 100644
--- a/src/racoon/gssapi.c
+++ b/src/racoon/gssapi.c
@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
gss_name_t princ, canon_princ;
OM_uint32 maj_stat, min_stat;
+ if (iph1->rmconf == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
+ return -1;
+ }
+
gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
if (gps == NULL) {
plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
--
1.9.1
|
