mirror of
https://git.freebsd.org/ports.git
synced 2025-05-18 18:13:12 -04:00
4e95cbb248
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place. The fix obtained from NetBSD CVS head with a command: cvs diff -D 2017-01-24 -D 2017-09-01 \ src/racoon/handler.h \ src/racoon/isakmp.c \ src/racoon/isakmp_frag.c \ src/racoon/isakmp_inf.c While here, add LICENSE. PR: 225066 Approved by: VANHULLEBUS Yvan (maintainer timeout, 3 months) Obtained from: NetBSD MFH: 2018Q1 Security: CVE-2016-10396
22 lines
763 B
C
22 lines
763 B
C
Index: src/racoon/isakmp_inf.c
|
|
===================================================================
|
|
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c,v
|
|
retrieving revision 1.50
|
|
retrieving revision 1.51
|
|
diff -p -u -r1.50 -r1.51
|
|
--- src/racoon/isakmp_inf.c 12 Apr 2013 09:53:10 -0000 1.50
|
|
+++ src/racoon/isakmp_inf.c 24 Jan 2017 19:23:56 -0000 1.51
|
|
@@ -1,4 +1,4 @@
|
|
-/* $NetBSD: isakmp_inf.c,v 1.50 2013/04/12 09:53:10 tteras Exp $ */
|
|
+/* $NetBSD: isakmp_inf.c,v 1.51 2017/01/24 19:23:56 christos Exp $ */
|
|
|
|
/* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
|
|
|
|
@@ -720,6 +720,7 @@ isakmp_info_send_nx(isakmp, remote, loca
|
|
#endif
|
|
#ifdef ENABLE_FRAG
|
|
iph1->frag = 0;
|
|
+ iph1->frag_last_index = 0;
|
|
iph1->frag_chain = NULL;
|
|
#endif
|
|
|