oss-sec mailing list archives
CVE Request: ipsec-tools
From: Seth Arnold <seth.arnold () canonical com>
Date: Tue, 19 May 2015 19:38:13 -0700
Hello, Javantea reports a null pointer dereference in the ipsec-tools package on the full-disclosure mail list: http://seclists.org/fulldisclosure/2015/May/81 Christos Zoulas proposed a fix on the same list: http://seclists.org/fulldisclosure/2015/May/83 --- gssapi.c 9 Sep 2006 16:22:09 -0000 1.4 +++ gssapi.c 19 May 2015 15:16:00 -0000 1.6 @@ -192,6 +192,11 @@ gss_name_t princ, canon_princ; OM_uint32 maj_stat, min_stat; + if (iph1->rmconf == NULL) { + plog(LLV_ERROR, LOCATION, NULL, "no remote config\n"); + return -1; + } + gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state)); if (gps == NULL) { plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n"); Please allocate a CVE for this issue. Thanks
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE Request: ipsec-tools Seth Arnold (May 19)
- Re: CVE Request: ipsec-tools cve-assign (May 21)