[talk] IPSec vulnerability?
Christos Zoulas
christos at zoulas.com
Tue May 19 11:17:33 EDT 2015
On May 19, 11:13am, christos at zoulas.com (Christos Zoulas) wrote:
-- Subject: Re: [talk] IPSec vulnerability?
| And it doesn't :-( I kept trying and I was able to reproduce the
| coredump using the provided server configuration file. I.e. some
| configurations are vulnerable and others are not. I was not able
| to make the server coredump using the other scripts. Here's the
| patch I am planning to commit...
The check should be done earlier to prevent a memory leak:
Index: gssapi.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/gssapi.c,v
retrieving revision 1.4
retrieving revision 1.6
diff -u -r1.4 -r1.6
--- gssapi.c 9 Sep 2006 16:22:09 -0000 1.4
+++ gssapi.c 19 May 2015 15:16:00 -0000 1.6
@@ -192,6 +192,11 @@
gss_name_t princ, canon_princ;
OM_uint32 maj_stat, min_stat;
+ if (iph1->rmconf == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
+ return -1;
+ }
+
gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
if (gps == NULL) {
plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
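Review bot: the new `iph1->rmconf == NULL` check at the top of the hunk has no comment saying when a phase 1 handle can reach this function without a remote configuration, and the "no remote config" log line passes NULL where an address could identify the peer. The accompanying message says only some server configurations hit this, so a one-line comment naming that condition would help the next reader. Placing the check before `racoon_calloc` is right: the early `return -1` leaves no `gps` allocation to free. It is also worth confirming whether other functions in gssapi.c dereference `iph1->rmconf` without the same guard, since only this one entry point is visible here.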