rpms/freeradius/devel freeradius-1.0.1-CVE-2007-2028.patch, NONE, 1.1 freeradius.spec, 1.41, 1.42

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed May 9 15:02:36 UTC 2007


Author: twoerner

Update of /cvs/dist/rpms/freeradius/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv16497

Modified Files:
	freeradius.spec 
Added Files:
	freeradius-1.0.1-CVE-2007-2028.patch 
Log Message:
[tw]
- fixed CVE-2007-2028: EAP-TTLS denial of service
  Resolves: rhbz#236248



freeradius-1.0.1-CVE-2007-2028.patch:
 ttls.c |    4 ++++
 1 files changed, 4 insertions(+)

--- NEW FILE freeradius-1.0.1-CVE-2007-2028.patch ---
--- freeradius-1.0.1/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c.CVE-2007-2028	2004-04-19 22:21:19.000000000 +0200
+++ freeradius-1.0.1/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c	2007-04-25 13:44:00.000000000 +0200
@@ -255,6 +255,7 @@
 				DEBUG2("  rlm_eap_ttls: Invalid length attribute %d",
 				       attr);
 				pairfree(&first);
+				pairfree(&vp);
 				return NULL;
 			}
 			memcpy(&vp->lvalue, data, vp->length);
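Review bot: The added `pairfree(&vp)` is only correct if `vp` has not yet been linked into the list headed by `first`; `pairfree(&first)` on the preceding line walks and frees the whole list, so a linked `vp` would be freed twice here. The hunk does not show where `vp` is allocated or appended and the enclosing function begins before it, so this cannot be confirmed from the patch alone; a comment above the new line such as `/* vp is not yet on the 'first' list, so it must be freed separately */` would record the invariant the fix depends on. The same two-line cleanup is repeated in the three following hunks (the second invalid-length path, the tunneled-challenge length check and the challenge-mismatch loop), which suggests collecting the error returns behind one cleanup label rather than four hand-written free pairs. Any further early return added to this function must also release `vp`, otherwise the leak this patch closes reappears.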
@@ -270,6 +271,7 @@
 				DEBUG2("  rlm_eap_ttls: Invalid length attribute %d",
 				       attr);
 				pairfree(&first);
+				pairfree(&vp);
 				return NULL;
 			}
 		  memcpy(&vp->lvalue, data, vp->length);
@@ -340,6 +342,7 @@
 			    (vp->length > 16)) {
 				DEBUG2("  TTLS: Tunneled challenge has invalid length");
 				pairfree(&first);
+				pairfree(&vp);
 				return NULL;
 
 			} else {
@@ -353,6 +356,7 @@
 					if (challenge[i] != vp->strvalue[i]) {
 						DEBUG2("  TTLS: Tunneled challenge is incorrect");
 						pairfree(&first);
+						pairfree(&vp);
 						return NULL;
 					}
 				}


Index: freeradius.spec
===================================================================
RCS file: /cvs/dist/rpms/freeradius/devel/freeradius.spec,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- freeradius.spec	9 Mar 2007 11:37:00 -0000	1.41
+++ freeradius.spec	9 May 2007 15:02:34 -0000	1.42
@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 1.1.5
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
@@ -24,6 +24,7 @@
 Patch10: freeradius-1.1.3-build.patch
 Patch11: freeradius-1.1.2-no_sql_inc.patch
 Patch12: freeradius-1.1.3-ldap.patch
+Patch13: freeradius-1.0.1-CVE-2007-2028.patch
 
 %description
 The FreeRADIUS Server Project is a high performance and highly configurable 
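Review bot: The new `Patch13:` entry keeps a `freeradius-1.0.1-` prefix while the package is at `Version: 1.1.5` and the neighbouring patches carry 1.1.x prefixes; the patch applies with `-p1` regardless of the prefix, but the name suggests it was written against an older tree and makes the list harder to audit. Renaming it to `freeradius-1.1.5-CVE-2007-2028.patch` and updating the `Patch13:` line and the `%patch13 -p1 -b .CVE-2007-2028` line in the %prep hunk below would keep the naming consistent with the rest of the spec.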
@@ -80,6 +81,7 @@
 %patch10 -p1 -b .build
 %patch11 -p1 -b .no_sql_inc
 %patch12 -p1 -b .ldap
+%patch13 -p1 -b .CVE-2007-2028
 
 
 %build
@@ -283,6 +285,10 @@
 
 
 %changelog
+* Wed May  9 2007 Thomas Woerner <twoerner at redhat.com> 1.1.5-2
+- fixed CVE-2007-2028: EAP-TTLS denial of service
+  Resolves: rhbz#236248
+
 * Fri Mar  9 2007 Thomas Woerner <twoerner at redhat.com> 1.1.5-1
 - new version 1.1.5
   - no /etc/raddb/otppasswd.sample anymore



