kumquat-buildroot/package/strongswan/strongswan-0003-CVE-2013-5018-fix.patch

From 057265e0183ddf52d56f21adaf0db0f3dc6585a4 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 29 Jul 2013 23:45:38 +0200
Subject: [PATCH] asn1: Fix handling of invalid ASN.1 length in is_asn1()

Fixes CVE-2013-5018.
---
 src/libstrongswan/asn1/asn1.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 68f37f4..d860ad9 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -642,6 +642,11 @@ bool is_asn1(chunk_t blob)
 
 	len = asn1_length(&blob);
 
+	if (len == ASN1_INVALID_LENGTH)
+	{
+		return FALSE;
+	}
+
 	/* exact match */
 	if (len == blob.len)
 	{
-- 
1.7.10.4
strongswan: add security patches Security patches to fix CVE-2013-5018, CVE-2013-6075 and CVE-2013-6076. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2013-11-01 14:54:27 +01:00			`From 057265e0183ddf52d56f21adaf0db0f3dc6585a4 Mon Sep 17 00:00:00 2001`
			`From: Tobias Brunner <tobias@strongswan.org>`
			`Date: Mon, 29 Jul 2013 23:45:38 +0200`
			`Subject: [PATCH] asn1: Fix handling of invalid ASN.1 length in is_asn1()`

			`Fixes CVE-2013-5018.`
			`---`
			`src/libstrongswan/asn1/asn1.c \| 5 +++++`
			`1 file changed, 5 insertions(+)`

			`diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c`
			`index 68f37f4..d860ad9 100644`
			`--- a/src/libstrongswan/asn1/asn1.c`
			`+++ b/src/libstrongswan/asn1/asn1.c`
			`@@ -642,6 +642,11 @@ bool is_asn1(chunk_t blob)`

			`len = asn1_length(&blob);`

			`+ if (len == ASN1_INVALID_LENGTH)`
			`+ {`
			`+ return FALSE;`
			`+ }`
			`+`
			`/* exact match */`
			`if (len == blob.len)`
			`{`
			`--`
			`1.7.10.4`