import libreswan-4.9-4.el9_2

2023-05-16 18:43:06 +00:00 · 2023-05-16 18:43:06 +00:00 · 6a0a5ce8d4
commit 6a0a5ce8d4
parent 9165e963c0
2 changed files with 140 additions and 1 deletions
--- a/SOURCES/libreswan-4.9-cve-2023-30570.patch
+++ b/SOURCES/libreswan-4.9-cve-2023-30570.patch
@ -0,0 +1,129 @@
 diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
 index e0615323ed..401618b6dd 100644
 --- a/programs/pluto/ikev1.c
 +++ b/programs/pluto/ikev1.c
@@ -1101,10 +1101,20 @@ void process_v1_packet(struct msg_digest *md)
 	struct state *st = NULL;
 	enum state_kind from_state = STATE_UNDEFINED;   /* state we started in */
 +	/*
 +	 * For the initial responses, don't leak the responder's SPI.
 +	 * Hence the use of send_v1_notification_from_md().
 +	 *
 +	 * AGGR mode is a mess in that the R0->R1 transition happens
 +	 * well before the transition succeeds.
 +	 */
 #define SEND_NOTIFICATION(t)						\
 	{								\
 		pstats(ikev1_sent_notifies_e, t);			\
 -		if (st != NULL)						\
 +		if (st != NULL &&					\
 +		    st->st_state->kind != STATE_AGGR_R0 &&		\
 +		    st->st_state->kind != STATE_AGGR_R1 &&		\
 +		    st->st_state->kind != STATE_MAIN_R0)		\
 			send_v1_notification_from_state(st, from_state, t); \
 		else							\
 			send_v1_notification_from_md(md, t);		\
@@ -1168,17 +1178,26 @@ void process_v1_packet(struct msg_digest *md)
 			from_state = (md->hdr.isa_xchg == ISAKMP_XCHG_IDPROT ?
 				      STATE_MAIN_R0 : STATE_AGGR_R0);
 		} else {
 -			/* not an initial message */
 +			/*
 +			 * Possibly not an initial message.  Possibly
 +			 * from initiator.  Possibly from responder.
 +			 *
 +			 * Possibly.  Which is probably hopeless.
 +			 */
 			st = find_state_ikev1(&md->hdr.isa_ike_spis,
 					      md->hdr.isa_msgid);
 			if (st == NULL) {
 				/*
 -				 * perhaps this is a first message
 +				 * Perhaps this is a first message
 				 * from the responder and contains a
 				 * responder cookie that we've not yet
 				 * seen.
 +				 *
 +				 * Perhaps this is a random message
 +				 * with a bogus non-zero responder IKE
 +				 * SPI.
 				 */
 				st = find_state_ikev1_init(&md->hdr.isa_ike_initiator_spi,
 							   md->hdr.isa_msgid);
@@ -1189,6 +1208,21 @@ void process_v1_packet(struct msg_digest *md)
 					/* XXX Could send notification back */
 					return;
 				}
 +				if (st->st_state->kind == STATE_AGGR_R0) {
 +					/*
 +					 * The only way for this to
 +					 * happen is for the attacker
 +					 * to guess the responder's
 +					 * IKE SPI that hasn't been
 +					 * sent over the wire?
 +					 *
 +					 * Well that or played 1/2^32
 +					 * odds.
 +					 */
 +					llog_pexpect(md->md_logger, HERE,
 +						     "phase 1 message matching AGGR_R0 state");
 +					return;
 +				}
 			}
 			from_state = st->st_state->kind;
 		}
@@ -2870,7 +2904,28 @@ void complete_v1_state_transition(struct state *st, struct msg_digest *md, stf_s
 			delete_state(st);
 			/* wipe out dangling pointer to st */
 			md->v1_st = NULL;
 +		} else if  (st->st_state->kind == STATE_AGGR_R0 ||
 +			    st->st_state->kind == STATE_AGGR_R1 ||
 +			    st->st_state->kind == STATE_MAIN_R0) {
 +			/*
 +			 *
 +			 * Wipe out the incomplete larval state.
 +			 *
 +			 * ARGH! In <=v4.10, the aggr code flipped the
 +			 * larval state to R1 right at the start of
 +			 * the transition and not the end, so using
 +			 * state to figure things out is close to
 +			 * useless.
 +			 *
 +			 * Deleting the state means that pluto has no
 +			 * way to detect and ignore amplification
 +			 * attacks.
 +			 */
 +			delete_state(st);
 +			/* wipe out dangling pointer to st */
 +			md->v1_st = NULL;
 		}
 +
 		break;
 	}
 	}
 diff --git a/programs/pluto/ikev1_aggr.c b/programs/pluto/ikev1_aggr.c
 index 2732951beb..87be80cb6c 100644
 --- a/programs/pluto/ikev1_aggr.c
 +++ b/programs/pluto/ikev1_aggr.c
@@ -169,7 +169,7 @@ stf_status aggr_inI1_outR1(struct state *null_st UNUSED,
 	/* Set up state */
 	struct ike_sa *ike = new_v1_rstate(c, md);
 	md->v1_st = &ike->sa;  /* (caller will reset cur_state) */
 -	change_v1_state(&ike->sa, STATE_AGGR_R1);
 +	change_v1_state(&ike->sa, STATE_AGGR_R0);
 	/*
 	 * Warn when peer is expected to use especially dangerous
@@ -197,7 +197,8 @@ stf_status aggr_inI1_outR1(struct state *null_st UNUSED,
 	if (!v1_decode_certs(md)) {
 		llog_sa(RC_LOG, ike, "X509: CERT payload bogus or revoked");
 -		return false;
 +		/* XXX notification is in order! */
 +		return STF_FAIL_v1N + v1N_INVALID_ID_INFORMATION;
 	}
 	/*
--- a/SPECS/libreswan.spec
+++ b/SPECS/libreswan.spec
@ -31,7 +31,7 @@ Name: libreswan
 Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
 # version is generated in the release script
 Version: 4.9
-Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}
+Release: %{?prever:0.}4%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/
 Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@ -42,6 +42,7 @@ Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
 %endif
 Patch: libreswan-4.6-ikev1-policy-defaults-to-drop.patch
 Patch: libreswan-4.9-cve-2023-23009.patch
 Patch: libreswan-4.9-cve-2023-30570.patch
 BuildRequires: audit-libs-devel
 BuildRequires: bison
@ -197,6 +198,15 @@ certutil -N -d sql:$tmpdir --empty-password
 %doc %{_mandir}/*/*
 %changelog
 * Thu May 04 2023 Sahana Prasad <sahana@redhat.com> - 4.9-4
 - Just bumping up the version as an incorrect 9.3 build was created.
 - Related: rhbz#2187171
 * Thu May 04 2023 Sahana Prasad <sahana@redhat.com> - 4.9-3
 - Fix CVE-2023-30570:Malicious IKEv1 Aggressive Mode packets can crash
  libreswan
 - Resolves: rhbz#2187171
 * Tue Apr  4 2023 Daiki Ueno <dueno@redhat.com> - 4.9-2
 - Fix CVE-2023-23009: remote DoS via crafted TS payload with an
  incorrect selector length (rhbz#2173674)