Commit d01a6eb2 authored by Leonardo Arena's avatar Leonardo Arena

main/strongswan: security fixes

CVE-2018-16151, CVE-2018-16152, CVE-2018-17540

Fixes #9519
parent e9064e91
......@@ -3,7 +3,7 @@
pkgname=strongswan
pkgver=5.5.3
_pkgver=${pkgver//_rc/rc}
pkgrel=1
pkgrel=3
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
......@@ -25,6 +25,7 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
libressl.patch
CVE-2017-11185.patch
CVE-2018-16151-CVE-2018-16152.patch
strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch
strongswan.initd
charon.initd"
......@@ -32,6 +33,8 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
_builddir="$srcdir/$pkgname-$_pkgver"
# secfixes:
# 5.5.3-r3:
# - CVE-2018-17540
# 5.5.3-r2:
# - CVE-2018-16151
# - CVE-2018-16152
......@@ -125,6 +128,30 @@ package() {
install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon" || return 1
}
md5sums="4afffe3c219bb2e04f09510905af836b strongswan-5.5.3.tar.bz2
0a82059a9bd45d7a189864843560afe9 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
ac8283bc5a9615236c864d5aaeb38063 1001-charon-add-optional-source-and-remote-overrides-for-.patch
db486619b3f2efcd1a3e889567a04bbb 1002-vici-send-certificates-for-ike-sa-events.patch
ae81f5bbd7534137830a3e732d04b892 1003-vici-add-support-for-individual-sa-state-changes.patch
97bb0e061ba1576bab0e053afc2a4a72 2001-support-gre-key-in-ikev1.patch
360c16bcd6c03505b4f3ca308dd4932d libressl.patch
5676d26b3fb36a2529b5b53e1f2a992a CVE-2017-11185.patch
16ce55395c1d9923cfa40f319cea8b11 CVE-2018-16151-CVE-2018-16152.patch
7bcc1c21d4674cd8c2da6e0a535b72b5 strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch
72a956819c451931d3d31a528a0d1b9c strongswan.initd
a7993f28e4eacc61f51722044645587e charon.initd"
sha256sums="c5ea54b199174708de11af9b8f4ecf28b5b0743d4bc0e380e741f25b28c0f8d4 strongswan-5.5.3.tar.bz2
89934062b4d400019752bb8140a60dacd832e4be7e86e7f573397bc56f87109e 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
8825cb9a1061e446c9398643820009a06de3696ebc9526ef44c534dc19fbdeea 1001-charon-add-optional-source-and-remote-overrides-for-.patch
1bdd981188cfdc676814b978c44857cc773eb7c400b50dbc6effcf8bec559bfe 1002-vici-send-certificates-for-ike-sa-events.patch
671adf916dd031b0cf1b1622f1948fd80fec46618a99af7b874d841c17f0409a 1003-vici-add-support-for-individual-sa-state-changes.patch
f038cadddde9f0ea2f36df03f81445b2f6a6d6b09cf4a21bfcdb61c62706a66b 2001-support-gre-key-in-ikev1.patch
c2e94e169bd5923fe90f4cfdd2568b0bc6accd8fb9c1a32a07e795dd8a3fe7f9 libressl.patch
c80e02c9a5eeaf10f0a8bdde3be6375dd2833e515af03dad3a700e93c4fd041a CVE-2017-11185.patch
aa6c89a8f677fe6521e33286fffc1020eddab14e9a2d291033239eaddabb20da CVE-2018-16151-CVE-2018-16152.patch
415d104717cb0781770e9077d00b3df310b11e65e4b9c1d35b62fbba04549263 strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch
fdb781fa59700ca83b9fd2f2ff0b9c45467448ebd82da96286b3e2aa477ef7f4 strongswan.initd
7bcc57e4a778f87645c6b9d76ba2c04e1c11c326bc9a4968561788711c7fe58a charon.initd"
sha512sums="0b0b25d2102c98cda54300dc8c3c3a49a55e64f7c695dda65a24f2194f19bce0b7aab9e4f7486c243b552f9d1a94867d6a8782ee504aad1c9973809706d599ac strongswan-5.5.3.tar.bz2
768a144be4c84395bc28b91e509c8319521d68a9eae0a5d5ff96830bf8cf3154bce046d2128d1aba092bb5d3d2dceb35296c13778294f88a14c2267865766db1 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
df5673107ea15dae28276b1cbc2a0d995d9a210c9c73ee478cb0f4eba0e3ef76856708119a5ebdf59637c2830ca8e30adf294d09e3eeef5514890d8ebc7c47b4 1001-charon-add-optional-source-and-remote-overrides-for-.patch
......@@ -134,5 +161,6 @@ d92ec44ac03c3eabe7583c01b15c66c9286681f42cf1d6ced3e1096c27c174014e14112610d2e12c
8cc4e28a07c4f206d7838a20cd1fdab7cd82bc19a3916ed65f1c5acf6acecd7ea54f582f7b2f164aded96e49fdc2db5ace70f426a93fcc08f29d658c79069ad4 libressl.patch
276bcbd0cd3c550ddd4b3f5dfbcb490bb1e50ec8ed97789944409e3c05232903b99332c653cec9c9cf46eab445fd67113d1babef32156b1a5c77a68d2b83260b CVE-2017-11185.patch
db64485fc0679a7fe32f3a69ae52e9e29abb6988ec900f07c350a61663321f7a5ffdfcb6c3371feb24923599a07d5a50bfbe1a72266666bf0a49a77631f92076 CVE-2018-16151-CVE-2018-16152.patch
3e620641400aaf01c9df4b069548d593fcc728f870c49abbe22128866eeaf4092740620e2d72bd90ded24a6ee5263778a835991f777a24d149d4bed6b9f509f8 strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd
1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd"
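Review bot: The newly added `md5sums=` block gives no real integrity assurance for the sources, because MD5 is collision-broken and the tarball is fetched over plain `http://download.strongswan.org/`, so the checksum lists are the only thing pinning what gets built. The `sha512sums=` list, extended in the last hunk for `strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch`, already covers every source; unless this branch's abuild still requires the weaker lists, I would drop `md5sums=` and treat `sha512sums=` as authoritative. Separately, `pkgrel` appears to go from 1 to 3 while the `# secfixes:` block already carried a `5.5.3-r2` entry, so it is worth confirming that the r2 fixes were not previously shipped without a release bump.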
From 129ab919a8c3abfc17bea776f0774e0ccf33ca09 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 25 Sep 2018 14:50:08 +0200
Subject: [PATCH] gmp: Fix buffer overflow with very small RSA keys
Because `keylen` is unsigned the subtraction results in an integer
underflow if the key length is < 11 bytes.
This is only a problem when verifying signatures with a public key (for
private keys the plugin enforces a minimum modulus length) and to do so
we usually only use trusted keys. However, the x509 plugin actually
calls issued_by() on a parsed certificate to check if it is self-signed,
which is the reason this issue was found by OSS-Fuzz in the first place.
So, unfortunately, this can be triggered by sending an invalid client
cert to a peer.
Fixes: 5955db5b124a ("gmp: Don't parse PKCS1 v1.5 RSA signatures to verify them")
Fixes: CVE-2018-17540
---
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index e9a83fdf49a1..a255a40abce2 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -301,7 +301,7 @@ bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm,
data = digestInfo;
}
- if (data.len > keylen - 11)
+ if (keylen < 11 || data.len > keylen - 11)
{
chunk_free(&digestInfo);
DBG1(DBG_LIB, "signature value of %zu bytes is too long for key of "
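Review bot: The guard `if (keylen < 11 || data.len > keylen - 11)` repeats the bare constant 11 with no explanation, so a reader cannot tell from the code why that is the minimum key length or why the first test must come before the subtraction. Presumably 11 is the EMSA-PKCS1-v1_5 framing overhead (0x00, 0x01, at least eight 0xff padding bytes, 0x00); a short comment above the check, e.g. `/* EM = 00 01 PS 00 T with |PS| >= 8; keylen is unsigned, so reject keylen < 11 before subtracting */`, would record both points. The body of gmp_emsa_pkcs1_signature_data starts and ends outside this hunk, so the encoding step that relies on the bound is not visible here.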
--
2.7.4