4 files changed, 127 insertions, 1 deletions
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch
new file mode 100644
index 0000000000..d5602c03db
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch
@@ -0,0 +1,33 @@
+From 738a9857be9c92ad2f70be88ccee238e3154a936 Mon Sep 17 00:00:00 2001
+From: Joe MacDonald <joe.macdonald@windriver.com>
+Date: Wed, 2 Oct 2013 14:20:37 -0400
+Subject: [PATCH] racoon/pfkey: avoid potential null-pointer dereference
+Building with -Werror=maybe-uninitialized revealed that 'remote' from
+pk_recvmigrate() could be used with uninitialized data in
+migrate_sp_ike_addresses().  Ensure it is always at a minimum assigned
+NULL.
+Upstream-Status: Pending
+Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
+---
+ src/racoon/pfkey.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/racoon/pfkey.c b/src/racoon/pfkey.c
+index d00b166..e0dc1db 100644
+--- a/src/racoon/pfkey.c
+++ b/src/racoon/pfkey.c
+@@ -3352,7 +3352,7 @@ pk_recvmigrate(mhp)
+        struct sockaddr *old_saddr, *new_saddr;
+        struct sockaddr *old_daddr, *new_daddr;
+        struct sockaddr *old_local, *old_remote;
+-       struct sockaddr *local, *remote;
+       struct sockaddr *local, *remote = NULL;
+        struct sadb_x_kmaddress *kmaddr;
+        struct sadb_x_policy *xpl;
+        struct sadb_x_ipsecrequest *xisr_list;
+-- 
+1.7.9.5
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch
new file mode 100644
index 0000000000..e272bc20fa
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch
@@ -0,0 +1,26 @@
+Subject: [PATCH] ipsec-tools: racoon: check several invalid ivm
+Upstream-Status: Pending
+Add checking for invalid ivm, or it will crash racoon.
+Signed-off-by: Ming Liu <ming.liu@windriver.com>
+---
+ isakmp_cfg.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
+--- a/src/racoon/isakmp_cfg.c
+++ b/src/racoon/isakmp_cfg.c
+@@ -171,6 +171,11 @@ isakmp_cfg_r(iph1, msg)
+            iph1->mode_cfg->last_msgid != packet->msgid )
+                iph1->mode_cfg->ivm = 
+                    isakmp_cfg_newiv(iph1, packet->msgid);
+       if(iph1->mode_cfg->ivm == NULL) {
+               plog(LLV_ERROR, LOCATION, NULL, 
+                   "failed to create new IV\n");
+               return;
+       }
+        ivm = iph1->mode_cfg->ivm;
+ 
+        dmsg = oakley_do_decrypt(iph1, msg, ivm->iv, ivm->ive);
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch
new file mode 100644
index 0000000000..de1bdb4077
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch
@@ -0,0 +1,61 @@
+Subject: [PATCH] ipsec-tools: racoon: check several invalid pointers
+Upstream-Status: Pending
+Add checking for invalid pointers, or it will crash racoon.
+Signed-off-by: Ming Liu <ming.liu@windriver.com>
+---
+ ipsec_doi.c    |    5 +++--
+ isakmp_cfg.c   |    7 +++++++
+ isakmp_quick.c |    6 ++++--
+ 3 files changed, 14 insertions(+), 4 deletions(-)
+diff -urpN a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c
+--- a/src/racoon/ipsec_doi.c
+++ b/src/racoon/ipsec_doi.c
+@@ -3374,8 +3374,9 @@ ipsecdoi_chkcmpids( idt, ids, exact )
+ 
+        /* handle wildcard IDs */
+ 
+-       if (idt == NULL || ids == NULL)
+-       {
+       if (idt == NULL || ids == NULL ||
+           idt->v == NULL || idt->l == 0 ||
+           ids->v == NULL || ids->l == 0) {
+                if( !exact )
+                {
+                        plog(LLV_DEBUG, LOCATION, NULL,
+diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
+--- a/src/racoon/isakmp_cfg.c
+++ b/src/racoon/isakmp_cfg.c
+@@ -1138,6 +1138,13 @@ isakmp_cfg_newiv(iph1, msgid)
+                return NULL;
+        }
+ 
+       if (iph1->ivm == NULL || iph1->ivm->iv == NULL ||
+           iph1->ivm->iv->v == NULL || iph1->ivm->iv->l == 0) {
+               plog(LLV_ERROR, LOCATION, NULL,
+                   "isakmp_cfg_newiv called with invalid IV management\n");
+               return NULL;
+       }
+
+        if (ics->ivm != NULL)
+                oakley_delivm(ics->ivm);
+ 
+diff -urpN a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c
+--- a/src/racoon/isakmp_quick.c
+++ b/src/racoon/isakmp_quick.c
+@@ -2243,8 +2243,10 @@ get_proposal_r(iph2)
+        int error = ISAKMP_INTERNAL_ERROR;
+ 
+        /* check the existence of ID payload */
+-       if ((iph2->id_p != NULL && iph2->id == NULL)
+-        || (iph2->id_p == NULL && iph2->id != NULL)) {
+       if ((iph2->id_p != NULL &&
+           (iph2->id == NULL || iph2->id->v == NULL || iph2->id->l == 0)) ||
+           (iph2->id != NULL &&
+           (iph2->id_p == NULL || iph2->id_p->v == NULL || iph2->id_p->l == 0))) {
+                plog(LLV_ERROR, LOCATION, NULL,
+                        "Both IDs wasn't found in payload.\n");
+                return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
index 2e5c0a4502..b27eb0f455 100644
--- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
@@ -11,6 +11,9 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
           file://0001-Fix-warning-with-gcc-4.8.patch \
           file://0002-Don-t-link-against-libfl.patch \
           file://configure.patch \
+           file://0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch \
+           file://racoon-check-invalid-pointers.patch \
+           file://racoon-check-invalid-ivm.patch \
          "
 SRC_URI[md5sum] = "d38b39f291ba2962387c3232e7335dd8"
 SRC_URI[sha256sum] = "fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4"
@@ -46,10 +49,13 @@ EXTRA_OECONF = "--with-kernel-headers=${STAGING_INCDIR} \
                --with-readline \
                --with-openssl=${STAGING_LIBDIR}/.. \
                --without-libradius \
-                --without-libpam \
                --disable-security-context \
                --enable-shared \
                ${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}"
 # See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527
 CFLAGS += "-fno-strict-aliasing"
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,"
+PACKAGECONFIG[selinux] = "--enable-security-context,--disable-security-context,libselinux,"

diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch new file mode 100644 index 0000000000..d5602c03db --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch
@@ -0,0 +1,33 @@
		1	From 738a9857be9c92ad2f70be88ccee238e3154a936 Mon Sep 17 00:00:00 2001
		2	From: Joe MacDonald <joe.macdonald@windriver.com>
		3	Date: Wed, 2 Oct 2013 14:20:37 -0400
		4	Subject: [PATCH] racoon/pfkey: avoid potential null-pointer dereference
		5
		6	Building with -Werror=maybe-uninitialized revealed that 'remote' from
		7	pk_recvmigrate() could be used with uninitialized data in
		8	migrate_sp_ike_addresses(). Ensure it is always at a minimum assigned
		9	NULL.
		10
		11	Upstream-Status: Pending
		12
		13	Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
		14	---
		15	src/racoon/pfkey.c \| 2 +-
		16	1 file changed, 1 insertion(+), 1 deletion(-)
		17
		18	diff --git a/src/racoon/pfkey.c b/src/racoon/pfkey.c
		19	index d00b166..e0dc1db 100644
		20	--- a/src/racoon/pfkey.c
		21	+++ b/src/racoon/pfkey.c
		22	@@ -3352,7 +3352,7 @@ pk_recvmigrate(mhp)
		23	struct sockaddr old_saddr, new_saddr;
		24	struct sockaddr old_daddr, new_daddr;
		25	struct sockaddr old_local, old_remote;
		26	- struct sockaddr local, remote;
		27	+ struct sockaddr local, remote = NULL;
		28	struct sadb_x_kmaddress *kmaddr;
		29	struct sadb_x_policy *xpl;
		30	struct sadb_x_ipsecrequest *xisr_list;
		31	--
		32	1.7.9.5
		33


diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch new file mode 100644 index 0000000000..e272bc20fa --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-ivm.patch
@@ -0,0 +1,26 @@
		1	Subject: [PATCH] ipsec-tools: racoon: check several invalid ivm
		2
		3	Upstream-Status: Pending
		4
		5	Add checking for invalid ivm, or it will crash racoon.
		6
		7	Signed-off-by: Ming Liu <ming.liu@windriver.com>
		8	---
		9	isakmp_cfg.c \| 5 +++++
		10	1 file changed, 5 insertions(+)
		11
		12	diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
		13	--- a/src/racoon/isakmp_cfg.c
		14	+++ b/src/racoon/isakmp_cfg.c
		15	@@ -171,6 +171,11 @@ isakmp_cfg_r(iph1, msg)
		16	iph1->mode_cfg->last_msgid != packet->msgid )
		17	iph1->mode_cfg->ivm =
		18	isakmp_cfg_newiv(iph1, packet->msgid);
		19	+ if(iph1->mode_cfg->ivm == NULL) {
		20	+ plog(LLV_ERROR, LOCATION, NULL,
		21	+ "failed to create new IV\n");
		22	+ return;
		23	+ }
		24	ivm = iph1->mode_cfg->ivm;
		25
		26	dmsg = oakley_do_decrypt(iph1, msg, ivm->iv, ivm->ive);


diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch new file mode 100644 index 0000000000..de1bdb4077 --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-check-invalid-pointers.patch
@@ -0,0 +1,61 @@
		1	Subject: [PATCH] ipsec-tools: racoon: check several invalid pointers
		2
		3	Upstream-Status: Pending
		4
		5	Add checking for invalid pointers, or it will crash racoon.
		6
		7	Signed-off-by: Ming Liu <ming.liu@windriver.com>
		8	---
		9	ipsec_doi.c \| 5 +++--
		10	isakmp_cfg.c \| 7 +++++++
		11	isakmp_quick.c \| 6 ++++--
		12	3 files changed, 14 insertions(+), 4 deletions(-)
		13
		14	diff -urpN a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c
		15	--- a/src/racoon/ipsec_doi.c
		16	+++ b/src/racoon/ipsec_doi.c
		17	@@ -3374,8 +3374,9 @@ ipsecdoi_chkcmpids( idt, ids, exact )
		18
		19	/* handle wildcard IDs */
		20
		21	- if (idt == NULL \|\| ids == NULL)
		22	- {
		23	+ if (idt == NULL \|\| ids == NULL \|\|
		24	+ idt->v == NULL \|\| idt->l == 0 \|\|
		25	+ ids->v == NULL \|\| ids->l == 0) {
		26	if( !exact )
		27	{
		28	plog(LLV_DEBUG, LOCATION, NULL,
		29	diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
		30	--- a/src/racoon/isakmp_cfg.c
		31	+++ b/src/racoon/isakmp_cfg.c
		32	@@ -1138,6 +1138,13 @@ isakmp_cfg_newiv(iph1, msgid)
		33	return NULL;
		34	}
		35
		36	+ if (iph1->ivm == NULL \|\| iph1->ivm->iv == NULL \|\|
		37	+ iph1->ivm->iv->v == NULL \|\| iph1->ivm->iv->l == 0) {
		38	+ plog(LLV_ERROR, LOCATION, NULL,
		39	+ "isakmp_cfg_newiv called with invalid IV management\n");
		40	+ return NULL;
		41	+ }
		42	+
		43	if (ics->ivm != NULL)
		44	oakley_delivm(ics->ivm);
		45
		46	diff -urpN a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c
		47	--- a/src/racoon/isakmp_quick.c
		48	+++ b/src/racoon/isakmp_quick.c
		49	@@ -2243,8 +2243,10 @@ get_proposal_r(iph2)
		50	int error = ISAKMP_INTERNAL_ERROR;
		51
		52	/* check the existence of ID payload */
		53	- if ((iph2->id_p != NULL && iph2->id == NULL)
		54	- \|\| (iph2->id_p == NULL && iph2->id != NULL)) {
		55	+ if ((iph2->id_p != NULL &&
		56	+ (iph2->id == NULL \|\| iph2->id->v == NULL \|\| iph2->id->l == 0)) \|\|
		57	+ (iph2->id != NULL &&
		58	+ (iph2->id_p == NULL \|\| iph2->id_p->v == NULL \|\| iph2->id_p->l == 0))) {
		59	plog(LLV_ERROR, LOCATION, NULL,
		60	"Both IDs wasn't found in payload.\n");
		61	return ISAKMP_NTYPE_INVALID_ID_INFORMATION;


diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb index 2e5c0a4502..b27eb0f455 100644 --- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
@@ -11,6 +11,9 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
11	file://0001-Fix-warning-with-gcc-4.8.patch \	11	file://0001-Fix-warning-with-gcc-4.8.patch \
12	file://0002-Don-t-link-against-libfl.patch \	12	file://0002-Don-t-link-against-libfl.patch \
13	file://configure.patch \	13	file://configure.patch \
		14	file://0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch \
		15	file://racoon-check-invalid-pointers.patch \
		16	file://racoon-check-invalid-ivm.patch \
14	"	17	"
15	SRC_URI[md5sum] = "d38b39f291ba2962387c3232e7335dd8"	18	SRC_URI[md5sum] = "d38b39f291ba2962387c3232e7335dd8"
16	SRC_URI[sha256sum] = "fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4"	19	SRC_URI[sha256sum] = "fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4"
@@ -46,10 +49,13 @@ EXTRA_OECONF = "--with-kernel-headers=${STAGING_INCDIR} \
46	--with-readline \	49	--with-readline \
47	--with-openssl=${STAGING_LIBDIR}/.. \	50	--with-openssl=${STAGING_LIBDIR}/.. \
48	--without-libradius \	51	--without-libradius \
49	--without-libpam \
50	--disable-security-context \	52	--disable-security-context \
51	--enable-shared \	53	--enable-shared \
52	${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}"	54	${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}"
53		55
54	# See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527	56	# See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527
55	CFLAGS += "-fno-strict-aliasing"	57	CFLAGS += "-fno-strict-aliasing"
		58
		59	PACKAGECONFIG ??= ""
		60	PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,"
		61	PACKAGECONFIG[selinux] = "--enable-security-context,--disable-security-context,libselinux,"