vpnc: Fix shared secret cleanup, SECURITY_PATCH++

3 files changed, 42 insertions, 0 deletions

diff --git a/net/vpnc/DETAILS b/net/vpnc/DETAILS
index 51c5fd68aa..826bc78303 100755
--- a/net/vpnc/DETAILS
+++ b/net/vpnc/DETAILS
@@ -1,5 +1,6 @@
            SPELL=vpnc
          VERSION=0.5.3
+  SECURITY_PATCH=1
           SOURCE=$SPELL-$VERSION.tar.gz
 SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION
    SOURCE_URL[0]=http://www.unix-ag.uni-kl.de/%7Emassar/vpnc/$SOURCE
diff --git a/net/vpnc/HISTORY b/net/vpnc/HISTORY
index c73f395ca9..ba80a4a9a1 100644
--- a/net/vpnc/HISTORY
+++ b/net/vpnc/HISTORY
@@ -2,6 +2,8 @@
 	* PRE_BUILD: removed edit of Makefile, not needed
 	  added apply_patch_dir
 	* patches/0001-Fix-build-against-musl-libc.patch: fixed musl build
+	* patches/0002-Fix-cleanup-of-shared-secret.patch: fixed security issue
+	* DETAILS: SECURITY_PATCH++
 
 2010-10-06 Eric Sandall <sandalle@sourcemage.org>
 	* PRE_BUILD: Fix sed to not mangle the Makefile
diff --git a/net/vpnc/patches/0002-Fix-cleanup-of-shared-secret.patch b/net/vpnc/patches/0002-Fix-cleanup-of-shared-secret.patch
new file mode 100644
index 0000000000..d186e8e799
--- /dev/null
+++ b/net/vpnc/patches/0002-Fix-cleanup-of-shared-secret.patch
@@ -0,0 +1,39 @@
+From 3a1af8afcafbc83b8f087833ae845829aa67765b Mon Sep 17 00:00:00 2001
+From: Ismael Luceno <ismael@iodev.co.uk>
+Date: Mon, 18 Apr 2022 19:04:44 +0200
+Subject: [PATCH 2/4] Fix cleanup of shared secret
+
+Signed-off-by: Ismael Luceno <ismael@iodev.co.uk>
+---
+ vpnc.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/vpnc.c b/vpnc.c
+index 39eb40e86fa5..474d94029c89 100644
+--- a/vpnc.c
++++ b/vpnc.c
+@@ -1853,9 +1853,11 @@ static void do_phase1_am(const char *key_id, const char *shared_key, struct sa_b
+ 			static const unsigned char c012[3] = { 0, 1, 2 };
+ 			unsigned char *skeyid_e;
+ 			unsigned char *dh_shared_secret;
++			size_t dh_shared_secret_len;
+ 
+ 			/* Determine the shared secret.  */
+-			dh_shared_secret = xallocc(dh_getlen(dh_grp));
++			dh_shared_secret_len = dh_getlen(dh_grp);
++			dh_shared_secret = xallocc(dh_shared_secret_len);
+ 			dh_create_shared(dh_grp, dh_shared_secret, ke->u.ke.data);
+ 			hex_dump("dh_shared_secret", dh_shared_secret, dh_getlen(dh_grp), NULL);
+ 
+@@ -1899,7 +1901,7 @@ static void do_phase1_am(const char *key_id, const char *shared_key, struct sa_b
+ 			gcry_md_close(hm);
+ 			hex_dump("skeyid_e", skeyid_e, s->ike.md_len, NULL);
+ 
+-			memset(dh_shared_secret, 0, sizeof(dh_shared_secret));
++			memset(dh_shared_secret, 0, dh_shared_secret_len);
+ 			free(dh_shared_secret);
+ 
+ 			/* Determine the IKE encryption key.  */
+-- 
+2.35.3
+