Fix CVE-2023-41913
This commit is contained in:
starlet-dx
parent
97ab5b1ae2
commit
413202e85e
42
CVE-2023-41913.patch
Normal file
42
CVE-2023-41913.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From 027421cbd2e6e628f5f959c74d722afadc477485 Mon Sep 17 00:00:00 2001
|
||||
From: Tobias Brunner <tobias@strongswan.org>
|
||||
Date: Tue, 11 Jul 2023 12:12:25 +0200
|
||||
Subject: [PATCH] charon-tkm: Validate DH public key to fix potential buffer
|
||||
overflow
|
||||
|
||||
Seems this was forgotten in the referenced commit and actually could lead
|
||||
to a buffer overflow. Since charon-tkm is untrusted this isn't that
|
||||
much of an issue but could at least be easily exploited for a DoS attack
|
||||
as DH public values are set when handling IKE_SA_INIT requests.
|
||||
|
||||
Fixes: 0356089d0f94 ("diffie-hellman: Verify public DH values in backends")
|
||||
Fixes: CVE-2023-41913
|
||||
---
|
||||
src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
|
||||
index 2b2d103d03e9..6999ad360d7e 100644
|
||||
--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
|
||||
+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
|
||||
@@ -70,11 +70,16 @@ METHOD(key_exchange_t, get_shared_secret, bool,
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
-
|
||||
METHOD(key_exchange_t, set_public_key, bool,
|
||||
private_tkm_diffie_hellman_t *this, chunk_t value)
|
||||
{
|
||||
dh_pubvalue_type othervalue;
|
||||
+
|
||||
+ if (!key_exchange_verify_pubkey(this->group, value) ||
|
||||
+ value.len > sizeof(othervalue.data))
|
||||
+ {
|
||||
+ return FALSE;
|
||||
+ }
|
||||
othervalue.size = value.len;
|
||||
memcpy(&othervalue.data, value.ptr, value.len);
|
||||
|
||||
--
|
||||
2.34.1
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: strongswan
|
||||
Version: 5.9.10
|
||||
Release: 3
|
||||
Release: 4
|
||||
Summary: An OpenSource IPsec-based VPN and TNC solution
|
||||
License: GPLv2+
|
||||
URL: http://www.strongswan.org/
|
||||
@ -8,6 +8,8 @@ Source0: http://download.strongswan.org/strongswan-%{version}.tar.bz2
|
||||
|
||||
Patch0: remove-warning-no-format.patch
|
||||
Patch1: aes-crypter-support-sw64-arch.patch
|
||||
# https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.9.7-5.9.11_charon_tkm_dh_len.patch
|
||||
Patch2: CVE-2023-41913.patch
|
||||
|
||||
BuildRequires: gcc chrpath autoconf automake libtool tpm2-abrmd
|
||||
BuildRequires: systemd-devel gmp-devel libcurl-devel NetworkManager-libnm-devel openldap-devel
|
||||
@ -193,6 +195,9 @@ echo "%{_libdir}/strongswan" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.co
|
||||
%{_libexecdir}/strongswan/charon-nm
|
||||
|
||||
%changelog
|
||||
* Thu Dec 14 2023 yaoxin <yao_xin001@hoperun.com> - 5.9.10-4
|
||||
- Fix CVE-2023-41913
|
||||
|
||||
* Sun Oct 08 2023 openhosec <openhosec@hosec.net> - 5.9.10-3
|
||||
- aes crypter support sw64 arch
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user