Dear maintainer, I've prepared an NMU for strongswan (versioned as 4.3.2-1.1). The diff is attached to this message.
Regards. diff -u strongswan-4.3.2/debian/changelog strongswan-4.3.2/debian/changelog --- strongswan-4.3.2/debian/changelog +++ strongswan-4.3.2/debian/changelog @@ -1,3 +1,13 @@ +strongswan (4.3.2-1.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix incomplete fix for CVE-2009-2185 leading to a denial of service + via malformed ASN.1 data (CVE-2009-2661; Closes: #540144). + * Use dh_prep instead of dh_clean in install target + + Fixes bug where the arch: all package is not included in .changes + + -- Raphael Geissert <geiss...@debian.org> Tue, 08 Sep 2009 18:37:35 -0500 + strongswan (4.3.2-1) unstable; urgency=HIGH Urgency high because of security issue and FTBFS. diff -u strongswan-4.3.2/debian/rules strongswan-4.3.2/debian/rules --- strongswan-4.3.2/debian/rules +++ strongswan-4.3.2/debian/rules @@ -85,7 +85,7 @@ install: build-stamp dh_testdir dh_testroot - dh_clean + dh_prep dh_installdirs $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp only in patch2: unchanged: --- strongswan-4.3.2.orig/src/libstrongswan/asn1/asn1.c +++ strongswan-4.3.2/src/libstrongswan/asn1/asn1.c 
@@ -260,25 +260,32 @@ u_char n; size_t len; - /* advance from tag field on to length field */ - blob->ptr++; - blob->len--; - - /* read first octet of length field */ - n = *blob->ptr++; - blob->len--; + if (blob->len < 2) + { + DBG2("insufficient number of octets to parse ASN.1 length"); + return ASN1_INVALID_LENGTH; + } + + /* read length field, skip tag and length */ + n = blob->ptr[1]; + *blob = chunk_skip(*blob, 2); if ((n & 0x80) == 0) - {/* single length octet */ + { /* single length octet */ + if (n > blob->len) + { + DBG2("length is larger than remaining blob size"); + return ASN1_INVALID_LENGTH; + } return n; } /* composite length, determine number of length octets */ n &= 0x7f; - if (n > blob->len) + if (n == 0 || n > blob->len) { - DBG2("number of length octets is larger than ASN.1 object"); + DBG2("number of length octets invalid"); return ASN1_INVALID_LENGTH; }
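Review bot: the debian/rules hunk replaces dh_clean with dh_prep in the install target, but dh_prep only exists in debhelper 7 and later, and the diff does not touch debian/control. Please confirm that Build-Depends already requires a debhelper version that ships dh_prep (for example `debhelper (>= 7)`), otherwise the package will FTBFS on a buildd with an older debhelper even though the changelog says this change fixes the missing arch: all package in .changes.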
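Review bot: in the asn1.c hunk the three new bounds checks (`blob->len < 2` before reading `blob->ptr[1]`, `n > blob->len` in the single-octet branch, and `n == 0 || n > blob->len` in the composite branch) cover the length-octet parsing shown here, but the hunk ends at the composite-length check, before the loop that accumulates the `n` length octets into the final length. Please confirm that the accumulated composite length is also compared against the remaining `blob->len` after `chunk_skip(*blob, 2)`, since the single-octet branch now does that comparison and a composite length that exceeds the blob would otherwise reach the caller unchecked; a short comment on the new `n == 0` rejection (a 0x80 first octet, i.e. indefinite length, which DER does not allow) would also help future readers understand why that case is an error rather than a zero-length value.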