008-racoon-fix_dereference_crash.patch 484 B

12345678910111213141516
  1. Fix null dereference in racoon/gssapi.c (CVE-2015-4047)
  2. --- a/src/racoon/gssapi.c
  3. +++ b/src/racoon/gssapi.c
  4. @@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
  5. gss_name_t princ, canon_princ;
  6. OM_uint32 maj_stat, min_stat;
  7. + if (iph1->rmconf == NULL) {
  8. + plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
  9. + return -1;
  10. + }
  11. +
  12. gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
  13. if (gps == NULL) {
  14. plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");