Update SA-18:01 with revision and a new patch.

svn path=/head/; revision=51472
2018-03-08 06:17:31 +00:00 · 2018-03-08 06:17:31 +00:00 · 11920f8b47 · 2020-12-08 03:00:23 +00:00
commit 11920f8b47
parent f64ee9f32b
3 changed files with 64 additions and 18 deletions
--- a/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc
+++ b/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc
@ -2,7 +2,7 @@
 Hash: SHA512

 =============================================================================
-FreeBSD-SA-18:01.ipsec                                      Security Advisory
+FreeBSD-SA-18:01.ipsec [REVISED]                            Security Advisory
                                                          The FreeBSD Project

 Topic:          ipsec validation and use-after-free
@ -15,8 +15,8 @@ Affects:        All supported versions of FreeBSD.
 Corrected:      2018-02-24 13:04:02 UTC (stable/11, 11.1-STABLE)
                2018-03-07 05:53:35 UTC (releng/11.1, 11.1-RELEASE-p7)
                2018-03-07 16:55:15 UTC (stable/10, 10.4-STABLE)
-                2018-03-07 17:16:41 UTC (releng/10.4, 10.4-RELEASE-p6)
-                2018-03-07 17:16:41 UTC (releng/10.3, 10.3-RELEASE-p27)
+                2018-03-07 17:16:41 UTC (releng/10.4, 10.4-RELEASE-p7)
+                2018-03-07 17:16:41 UTC (releng/10.3, 10.3-RELEASE-p28)
 CVE Name:       CVE-2018-6916

 For general information regarding FreeBSD Security Advisories,
@ -26,7 +26,7 @@ following sections, please visit <URL:https://security.FreeBSD.org/>.
 0.   Revision History

 v1.0  2018-03-07 Initial release.
-v1.1  2018-03-07 Correct patch for 10.x releases.
+v1.1  2018-03-08 Correct patch for 10.x releases.

 I.   Background

@ -77,14 +77,25 @@ And reboot the system
 The following patches have been verified to apply to the applicable
 FreeBSD release branches.

+[*** v1.1 NOTE ***] If your 10.x sources were already patched using the
+initially published advisory patches, you need to apply the
+ipsec-10.rev1.patch. If you had not yet patched your 10.x sources, you need
+only apply the ipsec-10.patch file. 11.1 sources were correct in the initial
+release and do not need to be updated.
+
 a) Download the relevant patch from the location below, and verify the
 detached PGP signature using your PGP utility.

-[FreeBSD 10.x]
+[FreeBSD 10.x system not patched with the original SA-18:01 patch]
 # fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-10.patch
 # fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-10.patch.asc
 # gpg --verify ipsec-10.patch.asc

+[FreeBSD 10.x that had been patched with the original SA-18:01 patch]
+# fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-10.rev1.patch
+# fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-10.rev1.patch.asc
+# gpg --verify ipsec-10.rev1.patch.asc
+
 [FreeBSD 11.1]
 # fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-11.patch
 # fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-11.patch.asc
@ -131,19 +142,19 @@ The latest revision of this advisory is available at
 <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:01.ipsec.asc>
 -----BEGIN PGP SIGNATURE-----

-iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgIMpfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqg1K9fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
 MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
-5cIRsA//b3GwfCJwKRdmxvEeTMxSrlppHr3x+quY9HhJEy1Sp4G4aPv4T5J0wjwX
-vYdRuCtYSbdewGrOtq77Lwf0QKmvay6rvY/FB5Mm5EXqzdSzKLoEWqv9n0ShRbA4
-4M61TaqrK6TB/zE+CRm9LS1Vmx7sfOh7ebhWvt1oKoobC/9p/1W/622ZJ6CsE7vc
-GWg0zJzbCpw3MfhCF8dTr7mjheL7EiXBQaSNDIa4FqSScPshk87VmUM7rd8NYUuX
-ADDTOyQ/9ycwPecHl1/IlFRsIOGXl7mvXy8SibRUsSFNZB53x+915hLRhH+YuQH8
-aoWVT+mTwOsJPs36Nd+PwV3iJ5jcLaIXFlx65JHu+rep7BXDpDM6N7BHoeDl3s+y
-8qwFUwb6wVEMj93kM8X+VdVx1nyFr/MTFsbj6CaIryXm+X/QtE4TCzDoWn+P+cpo
-Ic7q/NDA4abU1KEOQYAS8TTrJl+VTtAVl2gv/D3+TGOXWebXkoAsKvRbXC7eesWa
-b1GD5my7sSPmMsSsiNxNus9EtWOE0QMu6Asa/fDhhsg+jUSdsn8Iduia62UFeCXz
-NBq87Gobw1WM+N7aDKDbt9+hXBZu3YTPL31IDhCj5ezOWQ77qpDV7c0CiQsRqLjG
-nwgNe41g2bhjIFpIoyA/e4aXdOuYHsUKYFCmmzCO1ZGO3NkB0VQ=
-=Yb3u
+5cJCDQ/+OpTS1PrKiwuRsJ5i0RWnS8C9d/dIn9C83JJtuxhGb+CEY5bYSVKufsW/
+ilkUK3fiOWWwDHYecZW15qvt1E2E6Hm608b+K37bqL+FKobNj78B+KQr4erb0183
+/Kqo0TKDtsUzr20sNFWgeQWgHP/EqyWyJuB2zfOSb1vGUViiuxJfMxajzfE2tKqh
+IDG/QpMvRolJFKSWdQnF08NIYLXfffZ4Sz9+VDCdfeLEQKi+LT6DJnlGDz/rR5iB
+TwyMg3AbobpGuuV0puOZTul2GiHaPwh/fJR8JoG13+kK5VznvrOXopLAl2CVAjtj
+mNuHeQHwaSQanSXgKtYxZG4/w1JDMSr60FKgG7FizhJ+9WAbjPySbb+wV5qJD4oY
+a8F2urt3Tj1c1l4juOctVW+NVSS96idpf9NsmsmticTujgBu+2k63+cSIchiNj1B
+ZcPw5PLgiC/r0P6FITrwXa7zJLNHdFrPvNihKTlEHJAgGno7FJJpdagxmcfGnpb2
+74VlbQF7Tq+9NQJU23y9Vj3YL0XERB/b45oRHkBEoVJKgK9/4U4mzFufn4PfANUt
+0hcgMlxTOVKt0S405dh4I6ok51iq6XDol18QoYbXJHqMuEq7Lo80fKuq8gpKmCJ0
+h3NBYJKPUsngfJUisXS7VrQx3zTB8Yyp1BykpCDKET8LVJGmV7c=
+=RMG/
 -----END PGP SIGNATURE-----
--- a/share/security/patches/SA-18:01/ipsec-10.rev1.patch
+++ b/share/security/patches/SA-18:01/ipsec-10.rev1.patch
@ -0,0 +1,17 @@
+--- sys/netipsec/xform_ah.c.orig
+++ sys/netipsec/xform_ah.c
+@@ -619,11 +619,11 @@
+ 		DPRINTF(("%s: bad mbuf length %u (expecting %lu)"
+ 		    " for packet in SA %s/%08lx\n", __func__,
+ 		    m->m_pkthdr.len, (u_long) (skip + authsize + rplen),
+-		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
+		    ipsec_address(&sav->sah->saidx.dst),
+ 		    (u_long) ntohl(sav->spi)));
+ 		AHSTAT_INC(ahs_badauthl);
+-		error = EACCES;
+-		goto bad;
+		m_freem(m);
+		return EACCES;
+ 	}
+ 	AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl);
+ 
--- a/share/security/patches/SA-18:01/ipsec-10.rev1.patch.asc
+++ b/share/security/patches/SA-18:01/ipsec-10.rev1.patch.asc
@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgutVfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cI6Yg//dYhm+VAIs8cB/n3asDDqTdNY1TfSse5U8YXDXN0fvZGBfa5Fg+hrqQFk
+CkFuwJrnsiBQ2d0HEBTG5jrQGjPCfGszKlCQoLzoCF+nv2nEqQZISBgdjTkRRhFB
+LfDbSPhlgHqQVHpNjp03hSJlz/57svLVIdmbZYKqITRMhuE9yR1RK5x51br88Jse
+ImcmZpojG1p/5ECiLunf/fEwh1riN2kWwZWStQCqEX0XF9aV55unCkM4OQdiUEyJ
+WUXlS0XljkG2BwopAVMUkYx8G5N/Mj6VRogkohitEpdToQXJ+EdwzE5bOqkEZMwx
+k9gwUNwpGqZeuThGa1ZeqJ3Izf1iF+6DNEOhxSYNfVgGY7Kjf5AtS+lSUdxMjTmZ
+/hpgIW86QvSBjV7H7b0NZGXZQ2fItzPfVnVQ9agBpEzYG4IJiuGPXRfgmFKg33qp
+q+ip+PgkO1rwJSMg4PVUa5t8VR2ITTbgamLDK9NHylBPHwbUR9CeYgiBOjRljs4b
+j/QJi6TOQ/5vyUccW8ilGSGr0UQ3yrOZhkW298mn8o9FS6aoj8dbr9DXKLitSbkj
+iQssnB2xe6K2F6XYILK+Zi154zvGaXdzUFXZE8DE7XScDugM2QHqRNe7FlTc8IjJ
+fk9HdL55a+vzpFgu54TIz/tO/Rvz3rIGMVQ/WGF1wNIz36285Vs=
+=O3Zi
+-----END PGP SIGNATURE-----