From 985d1042af6e37957a32cd972ef29479afd83677 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 6 Jun 2024 21:50:03 +0900 Subject: [PATCH] Fix CVE-2024-3652 Resolves: RHEL-32482 Signed-off-by: Daiki Ueno --- ...an-4.12-ikev1-compute-keymat-default.patch | 92 +++++++++++++++++++ libreswan.spec | 7 +- 2 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 libreswan-4.12-ikev1-compute-keymat-default.patch diff --git a/libreswan-4.12-ikev1-compute-keymat-default.patch b/libreswan-4.12-ikev1-compute-keymat-default.patch new file mode 100644 index 0000000..7f283f0 --- /dev/null +++ b/libreswan-4.12-ikev1-compute-keymat-default.patch @@ -0,0 +1,92 @@ +From 5101913b1e623121a9222f11eefa18f0a2708b00 Mon Sep 17 00:00:00 2001 +From: Andrew Cagney +Date: Wed, 27 Mar 2024 10:43:19 -0400 +Subject: [PATCH] ikev1: in compute_proto_keymat() only allow explicitly + handled ESP algorithms + +--- + programs/pluto/ikev1_quick.c | 41 ++++++++++++++---------------------- + 1 file changed, 16 insertions(+), 25 deletions(-) + +diff --git a/programs/pluto/ikev1_quick.c b/programs/pluto/ikev1_quick.c +index 81c522c148..22c346afb4 100644 +--- a/programs/pluto/ikev1_quick.c ++++ b/programs/pluto/ikev1_quick.c +@@ -203,7 +203,7 @@ static bool emit_subnet_id(enum perspective perspective, + * RFC 2409 "IKE" section 5.5 + * specifies how this is to be done. + */ +-static void compute_proto_keymat(struct state *st, ++static bool compute_proto_keymat(struct state *st, + uint8_t protoid, + struct ipsec_proto_info *pi, + const char *satypename) +@@ -297,27 +297,13 @@ static void compute_proto_keymat(struct state *st, + } + break; + +- case ESP_CAST: +- case ESP_TWOFISH: +- case ESP_SERPENT: +- /* ESP_SEED is for IKEv1 only and not supported. Its number in IKEv2 has been re-used */ +- bad_case(pi->attrs.transattrs.ta_ikev1_encrypt); +- + default: +- /* bytes */ +- needed_len = encrypt_max_key_bit_length(pi->attrs.transattrs.ta_encrypt) / BITS_PER_BYTE; +- if (needed_len > 0) { +- /* XXX: check key_len coupling with kernel.c's */ +- if (pi->attrs.transattrs.enckeylen) { +- needed_len = +- pi->attrs.transattrs.enckeylen +- / BITS_PER_BYTE; +- dbg("compute_proto_keymat: key_len=%d from peer", +- (int)needed_len); +- } +- break; +- } +- bad_case(pi->attrs.transattrs.ta_ikev1_encrypt); ++ { ++ enum_buf eb; ++ llog(RC_LOG, st->st_logger, "rejecting request for keymat for %s", ++ str_enum(&esp_transformid_names, protoid, &eb)); ++ return false; ++ } + } + dbg("compute_proto_keymat: needed_len (after ESP enc)=%d", (int)needed_len); + needed_len += pi->attrs.transattrs.ta_integ->integ_keymat_size; +@@ -359,14 +345,17 @@ static void compute_proto_keymat(struct state *st, + DBG_dump_hunk(" inbound:", pi->inbound.keymat); + DBG_dump_hunk(" outbound:", pi->outbound.keymat); + } ++ ++ return true; + } + +-static void compute_keymats(struct state *st) ++static bool compute_keymats(struct state *st) + { + if (st->st_ah.present) +- compute_proto_keymat(st, PROTO_IPSEC_AH, &st->st_ah, "AH"); ++ return compute_proto_keymat(st, PROTO_IPSEC_AH, &st->st_ah, "AH"); + if (st->st_esp.present) +- compute_proto_keymat(st, PROTO_IPSEC_ESP, &st->st_esp, "ESP"); ++ return compute_proto_keymat(st, PROTO_IPSEC_ESP, &st->st_esp, "ESP"); ++ return false; + } + + /* +@@ -1460,7 +1449,9 @@ static stf_status quick_inI1_outR1_continue12_tail(struct state *st, struct msg_ + fixup_v1_HASH(st, &hash_fixup, st->st_v1_msgid.id, rbody.cur); + + /* Derive new keying material */ +- compute_keymats(st); ++ if (!compute_keymats(st)) { ++ return STF_FATAL; ++ } + + /* Tell the kernel to establish the new inbound SA + * (unless the commit bit is set -- which we don't support). +-- +2.45.0 + diff --git a/libreswan.spec b/libreswan.spec index 4d41979..d0ff40a 100644 --- a/libreswan.spec +++ b/libreswan.spec @@ -37,7 +37,7 @@ Name: libreswan Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols # version is generated in the release script Version: 4.12 -Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}.3 +Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}.4 License: GPLv2 Url: https://libreswan.org/ @@ -54,6 +54,7 @@ Patch3: libreswan-4.1-maintain-obsolete-keywords.patch Patch6: libreswan-4.3-1934186-config.patch Patch7: libreswan-4.9-2176248-authby-rsasig.patch Patch8: libreswan-4.12-ikev2-auth-delete-state.patch +Patch9: libreswan-4.12-ikev1-compute-keymat-default.patch BuildRequires: audit-libs-devel BuildRequires: bison @@ -114,6 +115,7 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04 %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 # linking to freebl is not needed sed -i "s/-lfreebl //" mk/config.mk @@ -217,6 +219,9 @@ certutil -N -d sql:$tmpdir --empty-password %attr(0644,root,root) %doc %{_mandir}/*/* %changelog +* Thu Jun 6 2024 Daiki Ueno - 4.12-2.4 +- Fix CVE-2024-3652 (RHEL-32482) + * Wed Apr 17 2024 Daiki Ueno - 4.12-2.3 - Bump release to ensure el8 package is greater than el8_* packages