Protect against a NULL pointer dereference described in:

https://www.altsci.com/ipsec/ Patch obtained from src/crypto/dist/ipsec-tools/src/racoon/gssapi.c Bump PKGREVISION
TritonDataCenter · May 19, 2015 · e64105f · e64105f
1 parent 9e81f83
commit e64105f
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 3 deletions.
diff --git a/security/ipsec-tools/Makefile b/security/ipsec-tools/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.35 2014/02/12 23:18:32 tron Exp $
+# $NetBSD: Makefile,v 1.36 2015/05/19 15:45:44 sevan Exp $
 
 DISTNAME=		ipsec-tools-0.7.3
-PKGREVISION=		2
+PKGREVISION=		3
 CATEGORIES=		security
 MASTER_SITES=		${MASTER_SITE_NETBSD:=ipsec-tools/}
 EXTRACT_SUFX=		.tar.bz2

diff --git a/security/ipsec-tools/distinfo b/security/ipsec-tools/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.16 2010/03/06 09:07:15 spz Exp $
+$NetBSD: distinfo,v 1.17 2015/05/19 15:45:44 sevan Exp $
 
 SHA1 (ipsec-tools-0.7.3.tar.bz2) = 19dc160643547a0bfabf0fe0ad1a181d3c28f410
 RMD160 (ipsec-tools-0.7.3.tar.bz2) = e0ff32f0daa845934ac868ad5f36d58b25919c30
 Size (ipsec-tools-0.7.3.tar.bz2) = 776096 bytes
+SHA1 (patch-src_racoon_gssapi.c) = 6294956137e91749feee8de9da696c492fe786b9
diff --git a/security/ipsec-tools/patches/patch-src_racoon_gssapi.c b/security/ipsec-tools/patches/patch-src_racoon_gssapi.c
@@ -0,0 +1,19 @@
+$NetBSD: patch-src_racoon_gssapi.c,v 1.1 2015/05/19 15:45:44 sevan Exp $
+
+Protect against a NULL pointer dereference described in:
+https://www.altsci.com/ipsec/
+
+--- src/racoon/gssapi.c.orig	2015-05-19 15:28:49.000000000 +0000
++++ src/racoon/gssapi.c
+@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
+ 	gss_name_t princ, canon_princ;
+ 	OM_uint32 maj_stat, min_stat;
+
++	if (iph1->rmconf == NULL) {
++		plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
++		return -1;
++	}
++
+ 	gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
+ 	if (gps == NULL) {
+ 		plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");