Message-ID: <20150520023813.GB18594@hunt>
Date: Tue, 19 May 2015 19:38:13 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Cc: security@...ntu.com, cve-assign@...re.org
Subject: CVE Request: ipsec-tools
Hello,
Javantea reports a null pointer dereference in the ipsec-tools package on
the full-disclosure mail list:
http://seclists.org/fulldisclosure/2015/May/81
Christos Zoulas proposed a fix on the same list:
http://seclists.org/fulldisclosure/2015/May/83
--- gssapi.c 9 Sep 2006 16:22:09 -0000 1.4
+++ gssapi.c 19 May 2015 15:16:00 -0000 1.6
@@ -192,6 +192,11 @@
gss_name_t princ, canon_princ;
OM_uint32 maj_stat, min_stat;
+ if (iph1->rmconf == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
+ return -1;
+ }
+
gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
if (gps == NULL) {
plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
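Review bot: the added `if (iph1->rmconf == NULL)` guard has no comment explaining how a phase 1 handle can reach this function without a remote configuration, and its log line "no remote config" passes NULL as the third plog argument and names no peer, so an operator who sees the message cannot tell which exchange triggered it. I would add a one-line comment above the check stating the condition it defends against and, if this function has a peer address available, include it in the message. The placement before `racoon_calloc` is right, since the early `return -1` then has nothing to free; it is worth confirming that callers handle this -1 the same way as the allocation-failure path that follows, and that no other function in gssapi.c dereferences `iph1->rmconf` without the same check.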
Please allocate a CVE for this issue.
Thanks