libreswan/libreswan-4.12-CVE-2026-12413.patch
Daiki Ueno 459896cfac Backport fixes for CVE-2026-12413, CVE-2026-50721 and CVE-2026-50722
Resolves: RHEL-190146
Resolves: RHEL-190140
Resolves: RHEL-190132
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2026-07-09 11:35:34 +00:00

26 lines
914 B
Diff

From b702e3bd21a86214d80305710ddebee8b806a9fd Mon Sep 17 00:00:00 2001
From: Paul Wouters <paul.wouters@aiven.io>
Date: Thu, 9 Jul 2026 14:49:51 +0900
Subject: [PATCH 3/3] Fix for CVE-2026-12413
---
programs/pluto/ikev2_message.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/pluto/ikev2_message.c b/programs/pluto/ikev2_message.c
index 84b289ca8f..a691346218 100644
--- a/programs/pluto/ikev2_message.c
+++ b/programs/pluto/ikev2_message.c
@@ -1000,7 +1000,7 @@ struct msg_digest *reassemble_v2_incoming_fragments(struct v2_incoming_fragments
passert(md->chain[ISAKMP_NEXT_v2SK] == NULL);
passert(md->chain[ISAKMP_NEXT_v2SKF] != NULL);
pexpect(md->chain[ISAKMP_NEXT_v2SKF]->payload.v2skf.isaskf_number == 1);
- passert(md->digest_roof < elemsof(md->digest));
+ passert(md->digest_roof <= elemsof(md->digest));
/*
* Pass 1: Compute the total payload size.
--
2.54.0