author | Ismael Luceno | 2022-04-18 20:13:59 +0200 |
---|---|---|
committer | Ismael Luceno | 2022-04-18 20:14:10 +0200 |
commit | 137b04837d4cf5f71c0c11bd8893aa2d6b80e0e6 (patch) | |
tree | 63f3470df7305348d2569bf7bb1cecbe52262aad /net | |
parent | 567a369895333988a3b963d256c8cd3459e42398 (diff) |
vpnc: Patch update, SECURITY_PATCH++
Diffstat (limited to 'net')
-rwxr-xr-x | net/vpnc/DETAILS | 2 | ||||
-rw-r--r-- | net/vpnc/HISTORY | 2 | ||||
-rw-r--r-- | net/vpnc/patches/0002-Fix-cleanup-of-shared-secret.patch | 41 |
3 files changed, 25 insertions, 20 deletions
diff --git a/net/vpnc/DETAILS b/net/vpnc/DETAILS index 826bc78303..dae56d970c 100755 --- a/net/vpnc/DETAILS +++ b/net/vpnc/DETAILS @@ -1,6 +1,6 @@ SPELL=vpnc VERSION=0.5.3 - SECURITY_PATCH=1 + SECURITY_PATCH=2 SOURCE=$SPELL-$VERSION.tar.gz SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION SOURCE_URL[0]=http://www.unix-ag.uni-kl.de/%7Emassar/vpnc/$SOURCE diff --git a/net/vpnc/HISTORY b/net/vpnc/HISTORY index dfbe40c193..9244ba29c3 100644 --- a/net/vpnc/HISTORY +++ b/net/vpnc/HISTORY @@ -6,6 +6,8 @@ * patches/0003-Fix-unused-variable-warnings.patch, patches/0004-Fix-debug-message-format-string.patch: fixed minor issues * DETAILS: SECURITY_PATCH++ + * DETAILS, patches/0002-Fix-cleanup-of-shared-secret.patch: updated patch + SECURITY_PATCH++ 2010-10-06 Eric Sandall <sandalle@sourcemage.org> * PRE_BUILD: Fix sed to not mangle the Makefile diff --git a/net/vpnc/patches/0002-Fix-cleanup-of-shared-secret.patch b/net/vpnc/patches/0002-Fix-cleanup-of-shared-secret.patch index d186e8e799..4a8f6fa378 100644 --- a/net/vpnc/patches/0002-Fix-cleanup-of-shared-secret.patch +++ b/net/vpnc/patches/0002-Fix-cleanup-of-shared-secret.patch @@ -1,39 +1,42 @@ -From 3a1af8afcafbc83b8f087833ae845829aa67765b Mon Sep 17 00:00:00 2001 +From aa688f2b9ccd3e229f2a059a3d57408cdc0cf92b Mon Sep 17 00:00:00 2001 From: Ismael Luceno <ismael@iodev.co.uk> Date: Mon, 18 Apr 2022 19:04:44 +0200 Subject: [PATCH 2/4] Fix cleanup of shared secret Signed-off-by: Ismael Luceno <ismael@iodev.co.uk> --- - vpnc.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) + vpnc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/vpnc.c b/vpnc.c -index 39eb40e86fa5..474d94029c89 100644 +index 39eb40e86fa5..e5924161ef83 100644 --- a/vpnc.c 
+++ b/vpnc.c -@@ -1853,9 +1853,11 @@ static void do_phase1_am(const char *key_id, const char *shared_key, struct sa_b - static const unsigned char c012[3] = { 0, 1, 2 }; - unsigned char *skeyid_e; - unsigned char *dh_shared_secret; -+ size_t dh_shared_secret_len; - - /* Determine the shared secret. */ -- dh_shared_secret = xallocc(dh_getlen(dh_grp)); -+ dh_shared_secret_len = dh_getlen(dh_grp); -+ dh_shared_secret = xallocc(dh_shared_secret_len); - dh_create_shared(dh_grp, dh_shared_secret, ke->u.ke.data); - hex_dump("dh_shared_secret", dh_shared_secret, dh_getlen(dh_grp), NULL); - -@@ -1899,7 +1901,7 @@ static void do_phase1_am(const char *key_id, const char *shared_key, struct sa_b +@@ -1899,7 +1899,7 @@ static void do_phase1_am(const char *key_id, const char *shared_key, struct sa_b gcry_md_close(hm); hex_dump("skeyid_e", skeyid_e, s->ike.md_len, NULL); - memset(dh_shared_secret, 0, sizeof(dh_shared_secret)); -+ memset(dh_shared_secret, 0, dh_shared_secret_len); ++ memset(dh_shared_secret, 0, dh_getlen(dh_grp)); free(dh_shared_secret); /* Determine the IKE encryption key. */ +@@ -2095,6 +2095,7 @@ static void do_phase1_am(const char *key_id, const char *shared_key, struct sa_b + #endif + free(returned_hash); + free(dh_public); ++ memset(dh_shared_secret, 0, dh_getlen(dh_grp)); + free(dh_shared_secret); + free(psk_hash); + group_free(dh_grp); +@@ -2858,6 +2859,7 @@ static void do_phase2_qm(struct sa_block *s) + + if (dh_grp) + group_free(dh_grp); ++ memset(dh_shared_secret, 0, dh_getlen(dh_grp)); + free(dh_shared_secret); + free_isakmp_packet(r); + -- 2.35.3 |
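Review bot: In the `do_phase2_qm` hunk of the updated patch, the new `memset(dh_shared_secret, 0, dh_getlen(dh_grp));` runs after `if (dh_grp) group_free(dh_grp);`, so `dh_getlen` is handed a group that has just been released, or a NULL group when the guard was false. The guard implies `dh_grp` can be NULL on this path, and in that case `dh_shared_secret` was presumably never allocated either, which would make the `memset` destination NULL as well; the declarations are outside the hunk, so this should be confirmed against vpnc.c. The wipe should move inside the guard and ahead of `group_free`, as sketched below. In all three places a plain `memset` immediately before `free` is a dead store that an optimizing compiler may remove, so `explicit_bzero` or an equivalent non-elidable wipe is the safer call where the platform provides one.

```c
	if (dh_grp) {
		/* wipe while the group is still valid; its length sizes the buffer */
		if (dh_shared_secret)
			memset(dh_shared_secret, 0, dh_getlen(dh_grp));
		group_free(dh_grp);
	}
	free(dh_shared_secret);
	/* … unchanged: free_isakmp_packet(r) and the rest of the cleanup … */
```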