rpms/ipsec-tools/FC-3 ipsec-tools-CVE-2005-3732.patch, NONE, 1.1 ipsec-tools.spec, 1.15, 1.16

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Dec 14 16:17:28 UTC 2005


Author: harald

Update of /cvs/dist/rpms/ipsec-tools/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv21589/FC-3

Modified Files:
	ipsec-tools.spec 
Added Files:
	ipsec-tools-CVE-2005-3732.patch 
Log Message:
add patch for DoS (CVE-2005-3732, #173841)

ipsec-tools-CVE-2005-3732.patch:
 isakmp_agg.c |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

--- NEW FILE ipsec-tools-CVE-2005-3732.patch ---
--- ipsec-tools/src/racoon/isakmp_agg.c	2005/09/26 16:12:20	1.20.2.3
+++ ipsec-tools/src/racoon/isakmp_agg.c	2005/11/20 14:04:48	1.20.2.4
@@ -488,7 +488,11 @@
 	}
 
 	/* payload existency check */
-	/* XXX to be checked each authentication method. */
+	if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
+		plog(LLV_ERROR, LOCATION, iph1->remote,
+			"few isakmp message received.\n");
+		goto end;
+	}
 
 	/* verify identifier */
 	if (ipsecdoi_checkid1(iph1) != 0) {
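Review bot: The new guard in this hunk checks only `iph1->dhpub_p` and `iph1->nonce_p`, while the comment it replaces said payload presence had to be checked per authentication method; the hunk does not show whether the other payload pointers a peer can omit (for example the ID payload, presumably consumed by `ipsecdoi_checkid1(iph1)` just below, or the hash/signature payload) are validated before use. I would keep a marker such as `/* XXX remaining payloads still to be checked for each authentication method. */` after the new block and confirm those pointers are NULL-checked elsewhere in the function. The log text `"few isakmp message received.\n"` does not tell an operator what was wrong; something like `"missing KE or NONCE payload in aggressive mode message.\n"` would be easier to act on when triaging malformed-packet logs. The identical block in the second hunk (at -888/+892) has the same two points. The enclosing function starts and ends outside both hunks, so the cleanup reached through `goto end` is not visible here.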
@@ -888,7 +892,11 @@
 	}
 
 	/* payload existency check */
-	/* XXX to be checked each authentication method. */
+	if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
+		plog(LLV_ERROR, LOCATION, iph1->remote,
+			"few isakmp message received.\n");
+		goto end;
+	}
 
 	/* verify identifier */
 	if (ipsecdoi_checkid1(iph1) != 0) {


Index: ipsec-tools.spec
===================================================================
RCS file: /cvs/dist/rpms/ipsec-tools/FC-3/ipsec-tools.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- ipsec-tools.spec	28 Mar 2005 19:21:20 -0000	1.15
+++ ipsec-tools.spec	14 Dec 2005 16:17:26 -0000	1.16
@@ -1,6 +1,6 @@
 Name: ipsec-tools
 Version: 0.5
-Release: 2.fc3
+Release: 2.fc3.1
 Summary: Tools for configuring and using IPSEC
 License: BSD
 Group: System Environment/Base
@@ -17,6 +17,8 @@
 Patch3: ipsec-tools-0.3.3-stdin.patch
 Patch4: ipsec-tools-fix.diff
 Patch5: ipsec-tools-0.5-64bit.patch
+Patch6: ipsec-tools-CVE-2005-3732.patch
+
 BuildPrereq: openssl-devel, krb5-devel, bison, flex
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 Requires: initscripts >= 7.31.11.EL-1
@@ -36,6 +38,7 @@
 %patch3 -p1
 %patch4 -p0
 %patch5 -p1
+%patch6 -p1 -b .CVE-2005-3732
 
 mkdir -p kernel-headers/linux
 cp %{SOURCE1} %{SOURCE2} %{SOURCE5} %{SOURCE6} kernel-headers/linux
@@ -90,6 +93,9 @@
 %config(noreplace) /etc/racoon/racoon.conf
 
 %changelog
+* Wed Dec 14 2005 Harald Hoyer <harald at redhat.com> 0.5-2.fc3.1
+- add patch for DoS (CVE-2005-3732, #173841)
+
 * Mon Mar 14 2005 Bill Nottingham <notting at redhat.com> 0.5-2.fc3
 - add patch for DoS (CAN-2005-0398, #145532)
 



