diff options
| author | sevan <sevan> | 2015-05-19 15:45:44 +0000 |
|---|---|---|
| committer | sevan <sevan> | 2015-05-19 15:45:44 +0000 |
| commit | ac58ce47edc829e102a0caedba1e429469730cde (patch) | |
| tree | ba2071cc205ebe494f67615a03ed7d972296e31a | |
| parent | e4b51438d5f168141b154cfb15a8bc8924c9f9c4 (diff) | |
| download | pkgsrc-ac58ce47edc829e102a0caedba1e429469730cde.tar.gz | |
Protect against a NULL pointer dereference described in:
https://www.altsci.com/ipsec/
Patch obtained from src/crypto/dist/ipsec-tools/src/racoon/gssapi.c
Bump PKGREVISION
| -rw-r--r-- | security/ipsec-tools/Makefile | 4 | ||||
| -rw-r--r-- | security/ipsec-tools/distinfo | 3 | ||||
| -rw-r--r-- | security/ipsec-tools/patches/patch-src_racoon_gssapi.c | 19 |
3 files changed, 23 insertions, 3 deletions
diff --git a/security/ipsec-tools/Makefile b/security/ipsec-tools/Makefile index ea300d21d3a..4de8b06820b 100644 --- a/security/ipsec-tools/Makefile +++ b/security/ipsec-tools/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.35 2014/02/12 23:18:32 tron Exp $ +# $NetBSD: Makefile,v 1.36 2015/05/19 15:45:44 sevan Exp $ DISTNAME= ipsec-tools-0.7.3 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_NETBSD:=ipsec-tools/} EXTRACT_SUFX= .tar.bz2 diff --git a/security/ipsec-tools/distinfo b/security/ipsec-tools/distinfo index ddddb1019aa..3354221639b 100644 --- a/security/ipsec-tools/distinfo +++ b/security/ipsec-tools/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.16 2010/03/06 09:07:15 spz Exp $ +$NetBSD: distinfo,v 1.17 2015/05/19 15:45:44 sevan Exp $ SHA1 (ipsec-tools-0.7.3.tar.bz2) = 19dc160643547a0bfabf0fe0ad1a181d3c28f410 RMD160 (ipsec-tools-0.7.3.tar.bz2) = e0ff32f0daa845934ac868ad5f36d58b25919c30 Size (ipsec-tools-0.7.3.tar.bz2) = 776096 bytes +SHA1 (patch-src_racoon_gssapi.c) = 6294956137e91749feee8de9da696c492fe786b9 diff --git a/security/ipsec-tools/patches/patch-src_racoon_gssapi.c b/security/ipsec-tools/patches/patch-src_racoon_gssapi.c new file mode 100644 index 00000000000..720d92ab086 --- /dev/null +++ b/security/ipsec-tools/patches/patch-src_racoon_gssapi.c @@ -0,0 +1,19 @@ +$NetBSD: patch-src_racoon_gssapi.c,v 1.1 2015/05/19 15:45:44 sevan Exp $ + +Protect against a NULL pointer dereference described in: +https://www.altsci.com/ipsec/ + +--- src/racoon/gssapi.c.orig 2015-05-19 15:28:49.000000000 +0000 ++++ src/racoon/gssapi.c +@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1) + gss_name_t princ, canon_princ; + OM_uint32 maj_stat, min_stat; + ++ if (iph1->rmconf == NULL) { ++ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n"); ++ return -1; ++ } ++ + gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state)); + if (gps == NULL) { + plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n"); |