package/strongswan/strongswan-0004-CVE-2013-6075-fix.patch - buildroot - Git at Google

 From aa277adfc204b6bda2c3792710138f9a8723a8f1 Mon Sep 17 00:00:00 2001
 From: Martin Willi <martin@revosec.ch>
 Date: Mon, 7 Oct 2013 14:21:57 +0200
 Subject: [PATCH] identification: Properly check length before comparing for
  binary DN equality

 Fixes CVE-2013-6075.
 ---
  src/libstrongswan/utils/identification.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
 index 5df3e5f..9c43ad5 100644
 --- a/src/libstrongswan/utils/identification.c
 +++ b/src/libstrongswan/utils/identification.c
 @@ -602,7 +602,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc)
  		}
  	}
  	/* try a binary compare */
 -	if (memeq(t_dn.ptr, o_dn.ptr, t_dn.len))
 +	if (chunk_equals(t_dn, o_dn))
  	{
  		return TRUE;
  	}
 --
 1.8.1.2
	From aa277adfc204b6bda2c3792710138f9a8723a8f1 Mon Sep 17 00:00:00 2001
	From: Martin Willi <martin@revosec.ch>
	Date: Mon, 7 Oct 2013 14:21:57 +0200
	Subject: [PATCH] identification: Properly check length before comparing for
	binary DN equality

	Fixes CVE-2013-6075.
	---
	src/libstrongswan/utils/identification.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
	index 5df3e5f..9c43ad5 100644
	--- a/src/libstrongswan/utils/identification.c
	+++ b/src/libstrongswan/utils/identification.c
	@@ -602,7 +602,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc)
	}
	}
	/* try a binary compare */
	- if (memeq(t_dn.ptr, o_dn.ptr, t_dn.len))
	+ if (chunk_equals(t_dn, o_dn))
	{
	return TRUE;
	}
	--
	1.8.1.2