From patchwork Thu Jun 4 08:05:00 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nitin Wankhade X-Patchwork-Id: 89295 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 450C4CD6E4A for ; Thu, 4 Jun 2026 08:05:26 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6321.1780560323865218905 for ; Thu, 04 Jun 2026 01:05:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=aX4I5Hu3; spf=pass (domain: gmail.com, ip: 209.85.210.169, mailfrom: jackson.james9803@gmail.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-842264dde84so808215b3a.0 for ; Thu, 04 Jun 2026 01:05:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780560323; x=1781165123; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=ZugkIBxAOKcQiFHJ5MMbRTqB9cyIjBh64IDSsZ8yr/A=; b=aX4I5Hu3TBP4KHzwa6iqGxXpOHUMumM2Ax5UsG7HIcTCXHYyPJ4wfsYYHXayPlyLI3 H9LCnFfrRhAvegtACBdAPBULokYzayzlYBOkE/YfWy43aW0IrQWHPgIg9uhd15TDq1OV UKiYqgZaB3OUH+mXkpykYo3x391nANHDKzj4R6r6e0GL721uxF6ikzyodmYjSsG2YGuy HKtsEB0X69QRTsBgNiiqva0nkXcvs691QrtaFEE+tXadDCcAPts1OkFzXC2RZHJy3/7/ uVecP02rMpU5xsq/Gf5WQn7T/twTQbMqGjJn90SNqMfVqIIbSoBRWoAWQA4aDeN4TAvy 0Iew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780560323; x=1781165123; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ZugkIBxAOKcQiFHJ5MMbRTqB9cyIjBh64IDSsZ8yr/A=; b=RKQr7MEYvOcEFcE73RyaefoU0f5KZt/DQlM3s12dfuxdg8U889rvc4kFZeThjYb4Fa sYJfmpyTZMEy070zIhqcKScjPhxAVZPf/BqF9+OkYUJZ43R3rNv0/TXblqTgN6r8I/yU ttAHqggr/C3WTLs16D5RT01RfAAN37voDQXJ1x7MlXyezxPcgDBs1fXM76e5EYZgCWl6 2L/PDywFUq7HcWuT6m+xNlulku9YtGygTZj450v6w4ESCYdMTyNBJQN2aBhyC5YCth41 dny9Jp2gmksjsk6IKjmcltGTiWzZOfdbl6iv0QzVSrGnOC9mqg8qH6++P60XnTQrQaJx R0Cg== X-Gm-Message-State: AOJu0Yzy3KDJFiJoVljRD6hnpnMBtfOOhS6iRTxZtQ9BS6MVCr3uW9ai eN7XMaRyL+jNwDISbibjQEA5xYTLWG4NbEBiKGmzFTGPrc5t3Cse4yxYavxlcA== X-Gm-Gg: Acq92OGn/YRdwr5S8yDJfOzxxB1b3y2ORr212Hpj3rBghXz2mfowjQHCS6GjEiPbuAf f5pZiKnYVfHpyz74dVSq9RsZ0TU62LhYbwrJG8/JI+nOvZCHdmRdDIq5+RW4PXbLx1zMprnfQRo /t0CbvntKmxqABmKJkZmfD0WAFt9nAGQwvyI5zMQoP/0wrJhF3R+wx/P2uzRrQvzHo2ICU8lp02 4hAqzhhh0o2TM9ZySa8X/9B0CV/jnqZZKj7VvUj9xfy1IecQJLgJ9qWM+/p26WGbPhUimMfuqH7 TL4gxS6FO7qPIQ3oHI14VSUyy6YVOMa6AmxfvoB8vw9f5k6tSlWHAp4ZpoLg9EzB7f1OmygCS7/ +G4Fvu8vd09UTVnXbsaR7zJEA01QcbzFyegJU0+XUyMsYfQXwYpc03Km9MpJAt12fEqFuEeBEEv MA5CYJrb5GTO1VhEAXz3EFEJ4pmEvscMSAWMfQ5Vx1JMf52A== X-Received: by 2002:a05:6a00:448d:b0:842:4a8e:2698 with SMTP id d2e1a72fcca58-8429b5c1480mr2285264b3a.9.1780560323146; Thu, 04 Jun 2026 01:05:23 -0700 (PDT) Received: from LL-868L.kpit.com ([103.155.222.113]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-842828e21c8sm6139001b3a.49.2026.06.04.01.05.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jun 2026 01:05:22 -0700 (PDT) From: Nitin Wankhade X-Google-Original-From: Nitin Wankhade To: yocto-patches@lists.yoctoproject.org Cc: nitin.wankhade@kpit.com, Nitin Wankhade Subject: [meta-lts-collab][kirkstone][PATCH 1/7] strongswan: Fix CVE-2026-35328 Date: Thu, 4 Jun 2026 13:35:00 +0530 Message-Id: <20260604080506.274123-1-nitin.wankhade@kpit.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Jun 2026 08:05:26 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/4132 From: Nitin Wankhade Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] Signed-off-by: Nitin Wankhade --- ...nt-infinite-loop-if-supported-versio.patch | 42 +++++++++++++++++++ .../strongswan/strongswan_5.9.13.bbappend | 3 ++ 2 files changed, 45 insertions(+) create mode 100644 meta-networking/recipes-support/strongswan/files/tls-server-Prevent-infinite-loop-if-supported-versio.patch create mode 100644 meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend diff --git a/meta-networking/recipes-support/strongswan/files/tls-server-Prevent-infinite-loop-if-supported-versio.patch b/meta-networking/recipes-support/strongswan/files/tls-server-Prevent-infinite-loop-if-supported-versio.patch new file mode 100644 index 0000000..32a23b3 --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/tls-server-Prevent-infinite-loop-if-supported-versio.patch @@ -0,0 +1,42 @@ +From: Tobias Brunner +Date: Wed, 25 Mar 2026 10:17:46 +0100 +Subject: tls-server: Prevent infinite loop if supported versions are too + short + +If the extension doesn't contain a multiple of two bytes, the previous +code would get stuck in an infinite loop as `remaining()` continued to +return TRUE while `read_uint16()` failed to parse a value. Initiating +several connections with such an extension allows a DoS attack as no +threads would eventually be available to handle packets/events. + +Fixes: 7fbe2e27ecf6 ("tls-server: TLS 1.3 support for TLS server implementation") +Fixes: CVE-2026-35328 + +CVE: CVE-2026-35328 +Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] +Signed-off-by: Nitin Wankhade +=== +diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c +index 3ad9fd2..7b2238e 100644 +--- a/src/libtls/tls_server.c ++++ b/src/libtls/tls_server.c +@@ -471,15 +471,12 @@ static status_t process_client_hello(private_tls_server_t *this, + bio_reader_t *client_versions; + + client_versions = bio_reader_create(versions); +- while (client_versions->remaining(client_versions)) ++ while (client_versions->read_uint16(client_versions, &version)) + { +- if (client_versions->read_uint16(client_versions, &version)) ++ if (this->tls->set_version(this->tls, version, version)) + { +- if (this->tls->set_version(this->tls, version, version)) +- { +- this->client_version = version; +- break; +- } ++ this->client_version = version; ++ break; + } + } + client_versions->destroy(client_versions); diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend new file mode 100644 index 0000000..c47ca7e --- /dev/null +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend @@ -0,0 +1,3 @@ +SRC_URI += "\ + file://tls-server-Prevent-infinite-loop-if-supported-versio.patch \ +" From patchwork Thu Jun 4 08:05:01 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nitin Wankhade X-Patchwork-Id: 89296 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3156DCD6E68 for ; Thu, 4 Jun 2026 08:05:36 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6279.1780560330926128950 for ; Thu, 04 Jun 2026 01:05:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=L3BF23EE; spf=pass (domain: gmail.com, ip: 209.85.210.176, mailfrom: jackson.james9803@gmail.com) Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-8422c327755so220177b3a.2 for ; Thu, 04 Jun 2026 01:05:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780560330; x=1781165130; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Jh7zmfrJe3I2LFGKZLbkfvwNhLT4eYiXnu9vrW80ZoY=; b=L3BF23EEc7N+wD0wvvXSGxnCxTiew6dBOB4pq30PZxvvDbV4Kjo9TjVu2LtzZG0De3 qqUO5BABp3vozGbGyU9QZ68ZSEwUVZyAUi7k4osIqiANPfCGLzSQ2mi7sbGPHAmevD/t 2O9sZyXRfbYY6cGUjZFPCyShv6fd8IIycowmkm/2VgFDcleKLOTR3rEzm1hf6AqFZiix u9AwNX+VBTmpA/JMk6EeT48hENUBdEkPobOLZ6/2bQSN7CQdbZ1Flle0qkHDfzfxvmnc b4iJe5NlwfaMHo1jxeoPAzHxZHEoCFqEOZCXgzzDLgxsuUjDvh31lvMfC+uH962912JP NPog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780560330; x=1781165130; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Jh7zmfrJe3I2LFGKZLbkfvwNhLT4eYiXnu9vrW80ZoY=; b=AiQ782LH+/wD34uhG4Kyz79tdtQwWEtfVNJyR1EXS3NNFi26OyB9q9Md+1DlV+QLWj vVJXCDPR1DSX7SuFSs6cHraFvWsFrmpbt7SNsesv9sGZz3yTAHJhokFIq6Ay2kppL3u5 R/WTkTG8DLJWRQi/NLTGQwluFfwZ4HtJ7yea/Kd+565Pac4Kq2uTQhKWAr2OU/nx7Iaf QKkT3SPKeD8XaRDph6JoT+IREBNxjTxldpfo8JhnkJ5U3BFdm0icj4gdkoC+FgXvbJ/R v6R6aW8dh4kbH1CoL4nmfN4+XJnT4ehNlBBbA5+01fAtkqTtyx8egtxXxNh3kmBMLmG1 8JzQ== X-Gm-Message-State: AOJu0YweXNsZlaP5XKP3BJAgFHQKPCsvnQVRwTJg5985V8jvZCgXrF1S fjJW0+QgRTJW4gDB4MfcO32Si5+zygE9eO7NXO9Psk3fNzw7dPRzhnvQCo+jEg== X-Gm-Gg: Acq92OGpAgZJVpO3KVyvfr5OA3B7RXNYN/u93g/dJlzopjQhlq8hDSp7aBz14rRSIh8 7eJjDKn3RHE5yBMosXPDbNadoIzQePvLi5cQsjEMjEcy6CyxRUdLkSL5hZJY7BF16sHU2jZ9kar gTm97BTYZ3rCfTObmGKgmAzDPrE4rq9a3ttX+8i7Tv5Z2a1VpHe3nkQutoP/RhYRJj0af9h7oPU CWXi0Yc4KJe5iGUstUxM9D8yNHsQzLJ2z3UYw2hZRh07zf7QfjYYXiWXEwigEG/uLV4Txm1iUZn tDCFhkmsj75Lp/K4WnVFOYJ9FJCZbEsK/Xbn8xdpNMZ4t4mLGEozp1fOF9UYMJEBQdmrv+U07+O iKgRirchJAOMCYT1Q/8xNpiAyUD5wkOPjMZzmaa9CicFh8SJtjZbHuo0zkzodTFBLQHO9W3ECBF uGxghGnW+J1udSiEZKzzkPORIUjXgD9+KyFr0ftvEikUK4Fw== X-Received: by 2002:a05:6a00:1ca2:b0:841:de16:8a8f with SMTP id d2e1a72fcca58-84284dc5ac9mr5907814b3a.7.1780560330267; Thu, 04 Jun 2026 01:05:30 -0700 (PDT) Received: from LL-868L.kpit.com ([103.155.222.113]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-842828e21c8sm6139001b3a.49.2026.06.04.01.05.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jun 2026 01:05:29 -0700 (PDT) From: Nitin Wankhade X-Google-Original-From: Nitin Wankhade To: yocto-patches@lists.yoctoproject.org Cc: nitin.wankhade@kpit.com, Nitin Wankhade Subject: [meta-lts-collab][kirkstone][PATCH 2/7] strongswan: Fix CVE-2026-35329 Date: Thu, 4 Jun 2026 13:35:01 +0530 Message-Id: <20260604080506.274123-2-nitin.wankhade@kpit.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260604080506.274123-1-nitin.wankhade@kpit.com> References: <20260604080506.274123-1-nitin.wankhade@kpit.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Jun 2026 08:05:36 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/4133 From: Nitin Wankhade Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] Signed-off-by: Nitin Wankhade --- ...d-NULL-pointer-dereference-when-veri.patch | 57 +++++++++++++++++++ .../strongswan/strongswan_5.9.13.bbappend | 1 + 2 files changed, 58 insertions(+) create mode 100644 meta-networking/recipes-support/strongswan/files/pkcs5-pkcs7-Avoid-NULL-pointer-dereference-when-veri.patch diff --git a/meta-networking/recipes-support/strongswan/files/pkcs5-pkcs7-Avoid-NULL-pointer-dereference-when-veri.patch b/meta-networking/recipes-support/strongswan/files/pkcs5-pkcs7-Avoid-NULL-pointer-dereference-when-veri.patch new file mode 100644 index 0000000..7c55d43 --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/pkcs5-pkcs7-Avoid-NULL-pointer-dereference-when-veri.patch @@ -0,0 +1,57 @@ +From: Tobias Brunner +Date: Wed, 25 Mar 2026 10:28:45 +0100 +Subject: pkcs5/pkcs7: Avoid NULL pointer dereference when verifying padding + +Can be triggered via empty PKCS#7 encrypted- or enveloped-data content +in IKEv1 CERT payload. + +Fixes: 4076e3ee9121 ("Extract PKCS#5 handling from pkcs8 plugin to separate helper class") +Fixes: d7aa09104f08 ("Implement PKCS#7 enveloped-data parsing and decryption") +Fixes: CVE-2026-35329 + +CVE: CVE-2026-35329 +Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] +Patch is refreshed as per the source code version 5.9.13 +Signed-off-by: Nitin Wankhade +=== +diff --git a/src/libstrongswan/crypto/pkcs5.c b/src/libstrongswan/crypto/pkcs5.c +index e48a9ad..134ccd3 100644 +--- a/src/libstrongswan/crypto/pkcs5.c ++++ b/src/libstrongswan/crypto/pkcs5.c +@@ -113,6 +113,11 @@ static bool verify_padding(crypter_t *crypter, chunk_t *blob) + { + uint8_t padding, count; + ++ if (!blob->len) ++ { ++ return FALSE; ++ } ++ + padding = count = blob->ptr[blob->len - 1]; + + if (padding > crypter->get_block_size(crypter)) +diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c b/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c +index 8b26bad..3d601d6 100644 +--- a/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c ++++ b/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c +@@ -182,10 +182,17 @@ static bool decrypt(private_key_t *private, chunk_t key, chunk_t iv, int oid, + */ + static bool remove_padding(private_pkcs7_enveloped_data_t *this) + { +- u_char *pos = this->content.ptr + this->content.len - 1; +- u_char pattern = *pos; +- size_t padding = pattern; ++ u_char *pos, pattern; ++ size_t padding; + ++ if (!this->content.len) ++ { ++ return FALSE; ++ } ++ ++ pos = this->content.ptr + this->content.len - 1; ++ pattern = *pos; ++ padding = pattern; + if (padding > this->content.len) + { + DBG1(DBG_LIB, "padding greater than data length"); diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend index c47ca7e..9def352 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend @@ -1,3 +1,4 @@ SRC_URI += "\ file://tls-server-Prevent-infinite-loop-if-supported-versio.patch \ + file://pkcs5-pkcs7-Avoid-NULL-pointer-dereference-when-veri.patch \ " From patchwork Thu Jun 4 08:05:02 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Nitin Wankhade X-Patchwork-Id: 89297 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A0CECD6E68 for ; Thu, 4 Jun 2026 08:05:46 +0000 (UTC) Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6280.1780560337238759906 for ; Thu, 04 Jun 2026 01:05:37 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=br0eu90i; spf=pass (domain: gmail.com, ip: 209.85.210.170, mailfrom: jackson.james9803@gmail.com) Received: by mail-pf1-f170.google.com with SMTP id d2e1a72fcca58-8422a92b6d6so216603b3a.1 for ; Thu, 04 Jun 2026 01:05:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780560337; x=1781165137; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VPrcMeXaECkX37v1xPains6CfZMr0+iH3pqsm6/vf48=; b=br0eu90i6aWvRrQHkhlud6n4V5QzZjVN3XLCbwXKyOEjDeNthjX/iP1XDek0XbTqMW BwtUB19wfPBWo6tT13bAjEKrnxw095zjEKxL9GM8bm9aMj5DzjYb93jh3hgFGXPuqHN/ hOZ3hTaHW32376+ZEdmDxKObeom1CRVZb7a9B389gqjz7YsKpEvd0v3tS7xe4VDpp/zi 0bdfxQXJGI6fnjOYsWFhQrAIp7EvMTTF8FJqp9uJ+FVkKsUmm2xHLeee3gXWq9KN6IhI Qhp9ty7Kemg2c9I+sOHktnbSDnJIdsk0wNnBcHnJpcLSrYsDhfTwmrRY8/U32kEpBmT3 p6Zw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780560337; x=1781165137; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=VPrcMeXaECkX37v1xPains6CfZMr0+iH3pqsm6/vf48=; b=j7JkmUCAJyg+tM/WJDANRhy92BI4mreEEZAz8arDr2Ci+VMgxC3Omhqyzzz7ZEOXzA 0GdTLmInTKMF+wWTv+esQRjhwmA7kM2srDErnu0pLQaBE3MZaodKEaKqbJogFZ6D0m31 ZprLpaV/A/atqan1nPfJNDYdtUHy2MF7+Y/c8Gy/lj1fGV75l13C3sOsMBhhdddrGlSA kuSM1IF8x5JYFfcuQYOSRTcIm6fI/0EluytqhILtjMjGqm6r19SkU/AGRfV7n5gOb1FM xS6IDG01t/llxobwSw0GyCX1ngQzwAckNz5fpfLcNu3QcUMW6gLR6zkBr7B9nxA7QPfq ZiHQ== X-Gm-Message-State: AOJu0YwnrnLot4LfyIHR5xRiro3J2fJGV5sT2/q7t6ZLcmJSfkr0s/w/ 4Bq4r003MVnqSAenQ2jxAdy3iSxueyHv2zTHOq9OtoKf0w2O1T3apHdxJmQ30g== X-Gm-Gg: Acq92OGQj5+HpovaumPcUAfqpTCosAaPnHwA6vhkzx2+j/M8vBI2/yKNzD7I1pc3yu9 4uAg699ypaOc2o6/64Wda+sQNn4TR4SNgagi4N+HLQaQ5dZxmgHQ4NNY0stNuAHzDkB2rq3ewLk ta6vjmz61uby91hnPDB3GZHpJ2ctW/hrBpgSiXvxCnMXu758ovdPtXj90F2tMiDPVxzh48UXjTo BzyhF72Ubj4MbhbgFRyX6jNjQiEeJV4c41OLQIvyW9J/hia3zcFjxSTDYUK4V2NK6HiyzvgKddb z8DM209OtNzNmgq9434M66seYxnwCoemXJ3GPFRzwkMWk+wYnGvMZlnvF4NPquh+qql8ML+12TM B97DipvQPuoeO1Co7+gatAzJGy/6nBzomRn8OG6tTCnlOccCSwE9DHkJBj+xinhx9zzImzHGsvR uQaNZAgkumTgzEk6SciN/qv5A5RTp5iwqodf5cTIF3EVTJYA== X-Received: by 2002:a05:6a00:1996:b0:842:3c77:5996 with SMTP id d2e1a72fcca58-8429b57a34cmr2123194b3a.1.1780560336593; Thu, 04 Jun 2026 01:05:36 -0700 (PDT) Received: from LL-868L.kpit.com ([103.155.222.113]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-842828e21c8sm6139001b3a.49.2026.06.04.01.05.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jun 2026 01:05:36 -0700 (PDT) From: Nitin Wankhade X-Google-Original-From: Nitin Wankhade To: yocto-patches@lists.yoctoproject.org Cc: nitin.wankhade@kpit.com, Nitin Wankhade Subject: [meta-lts-collab][kirkstone][PATCH 3/7] strongswan: Fix CVE-2026-35330 Date: Thu, 4 Jun 2026 13:35:02 +0530 Message-Id: <20260604080506.274123-3-nitin.wankhade@kpit.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260604080506.274123-1-nitin.wankhade@kpit.com> References: <20260604080506.274123-1-nitin.wankhade@kpit.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Jun 2026 08:05:46 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/4134 From: Nitin Wankhade Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] Signed-off-by: Nitin Wankhade --- ...t-zero-length-EAP-SIM-AKA-attributes.patch | 55 +++++++++++++++++++ .../strongswan/strongswan_5.9.13.bbappend | 1 + 2 files changed, 56 insertions(+) create mode 100644 meta-networking/recipes-support/strongswan/files/libsimaka-Reject-zero-length-EAP-SIM-AKA-attributes.patch diff --git a/meta-networking/recipes-support/strongswan/files/libsimaka-Reject-zero-length-EAP-SIM-AKA-attributes.patch b/meta-networking/recipes-support/strongswan/files/libsimaka-Reject-zero-length-EAP-SIM-AKA-attributes.patch new file mode 100644 index 0000000..0e6227d --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/libsimaka-Reject-zero-length-EAP-SIM-AKA-attributes.patch @@ -0,0 +1,55 @@ +From: =?utf-8?q?Lukas_Johannes_M=C3=B6ller?= +Date: Wed, 11 Mar 2026 16:07:10 +0000 +Subject: libsimaka: Reject zero-length EAP-SIM/AKA attributes +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +parse_attributes() accepts hdr->length == 0 in the AT_ENCR_DATA, +AT_RAND, AT_PADDING, default branches. The code then subtracts the +fixed attribute header size from the encoded length, which underflows +and exposes a wrapped payload length to later code. In particular, +for the cases where add_attribute() is called, this causes a heap-based +buffer overflow (a buffer of 12 bytes is allocated to which the wrapped +length is written). For AT_PADDING, the underflow is irrelevant as +add_attribute() is not called. Instead, this results in an infinite loop. + +Reject zero-length attributes before subtracting the attribute header. + +Signed-off-by: Lukas Johannes Möller + +Fixes: f8330d03953b ("Added a libsimaka library with shared message handling code for EAP-SIM/AKA") +Fixes: CVE-2026-35330 + +CVE: CVE-2026-35330 +Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] +Patch is refreshed as per the source code version 5.9.13 +Signed-off-by: Nitin Wankhade +=== +diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c +index 6706568..4862048 100644 +--- a/src/libsimaka/simaka_message.c ++++ b/src/libsimaka/simaka_message.c +@@ -416,7 +416,7 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in) + case AT_ENCR_DATA: + case AT_RAND: + { +- if (hdr->length * 4 > in.len || in.len < 4) ++ if (hdr->length == 0 || hdr->length * 4 > in.len || in.len < 4) + { + return invalid_length(hdr->type); + } +@@ -439,7 +439,7 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in) + case AT_PADDING: + default: + { +- if (hdr->length * 4 > in.len || in.len < 4) ++ if (hdr->length == 0 || hdr->length * 4 > in.len || in.len < 4) + { + return invalid_length(hdr->type); + } +@@ -932,4 +932,3 @@ simaka_message_t *simaka_message_create(bool request, uint8_t identifier, + return simaka_message_create_data(chunk_create((char*)&hdr, sizeof(hdr)), + crypto); + } +- diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend index 9def352..0769de9 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend @@ -1,4 +1,5 @@ SRC_URI += "\ file://tls-server-Prevent-infinite-loop-if-supported-versio.patch \ file://pkcs5-pkcs7-Avoid-NULL-pointer-dereference-when-veri.patch \ + file://libsimaka-Reject-zero-length-EAP-SIM-AKA-attributes.patch \ " From patchwork Thu Jun 4 08:05:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nitin Wankhade X-Patchwork-Id: 89299 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 48B40CD6E6B for ; Thu, 4 Jun 2026 08:05:46 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6325.1780560341023944906 for ; Thu, 04 Jun 2026 01:05:41 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=P1uzTle+; spf=pass (domain: gmail.com, ip: 209.85.210.180, mailfrom: jackson.james9803@gmail.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-8422a92b6d6so216620b3a.1 for ; Thu, 04 Jun 2026 01:05:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780560340; x=1781165140; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qdrzx0dUEsn+gTsswqZ0cft2kaG5EuQiBy3rRpFhkrY=; b=P1uzTle+foiDut6zmYpgx3pXq652p6BFOQIdfo5egXUBfvsp2U7VOiL5ArYT0p0d3Y Po8A2ZHPnQbuLyeDmqWT/5yPPCkLFKuStLvYigCf/NrNdobvyUtBxy5wbBt7QhDIr+PL SR81jIqVWea9R0uZgf2G3y17V0nvLXzVkpWpgnSePjO3CyWthB5wCDLD7jCnzp4MUx5P EFpsZL1KixE0oOqZQyFOQT1UGpVisOfaxOSqi5sTOo0W6LoNp4qVfIdaphJn9dSngGaw gLtPgZRs2VcG6E0NmqgKKPOrOTFxTrvHVjJia74hscW4EK8ZTZPeYz3tO+4SblWoOkFk 5CIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780560340; x=1781165140; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=qdrzx0dUEsn+gTsswqZ0cft2kaG5EuQiBy3rRpFhkrY=; b=IqIOj1aBorOHubzUpzJb99y/9XixVBPoeKoTVk0KhLMer2U9JqEkk8U+xB8VMIPLS4 fgX9ThrLCSg1RvsdGgZBiWyJoNfKVa4V6mRXs4CTuaaPnrFIunCbaUSQT6pUU4UgnOPm /2UOctOoyJ9r59X491vvasoPQb0WWXNklItmi8YHd7QsSVQMnOQKinh9hjTZD/Uwizuw i85quRoArh7YxO6cnGwVworvQe31L7WeSC2ec+EcF0nO+AtxXxZ+ln+d+q9zxGoNEiVs L70XYIqjaF5lv3/ZwnkFlt4+RRER0uVMqKo/s3dGYN7nEIa8PQXCg2Mtm1ui8El3sBMu gI0Q== X-Gm-Message-State: AOJu0Yz1d00ozxJd1Vp1M7TLHjZGSx/xHUXLF4gKV3+vWANNyCPaEgYj og7bRRglfGL8XKIxiOyDj7rQ6KryWfS3rs+JRNSIiGhPlk2uUQttGiLu8ovj9w== X-Gm-Gg: Acq92OF8P9BAmrT9ev9f+9nvJjTVjisMm2gTBYCk5GKzk7CZH1svcE1L8xhIbVlhi6E 7N82jXZTVh+LDikrXEqgzBBt9balDredrfUxSc5fQ4ONNMeoBd9RCZ0UjLqDabZ8uplXdfky6Fq yw0Y5W3sW+YkoilK6QNcVf8pF5vFp3XkXe8p3VnJ5zLtoKiTRUy+IaZjPk9aVPbEjGKOrNHStV1 xKsVIowJI/FJly1jOMByKIEnpUlkXTiBN+hFw6COrsBqOlDXX54tMh5xeOEN7qnFgsKezFyc9GG 6jo+hAqcRnNJ3VbcYxOibe1z7VD3hbuZ+ENtLsaXoQHM7ohH/gZPpBH4sVyJ2+sUJDvR9ivHN22 zHqFug7zQkELHywqSs+9QNWGMW9tYuuaeWALtCftC2m1aG359EI6iaA1JqHOn2RXr+M6st60yG7 C5COspjy15uNjvGECq8cBjT/HBBnm/26noME3PbOF3Ba8Fgva/cfYA6bqy X-Received: by 2002:a05:6a00:ad84:b0:842:499d:450e with SMTP id d2e1a72fcca58-8429b6a46c2mr2221407b3a.20.1780560340173; Thu, 04 Jun 2026 01:05:40 -0700 (PDT) Received: from LL-868L.kpit.com ([103.155.222.113]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-842828e21c8sm6139001b3a.49.2026.06.04.01.05.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jun 2026 01:05:39 -0700 (PDT) From: Nitin Wankhade X-Google-Original-From: Nitin Wankhade To: yocto-patches@lists.yoctoproject.org Cc: nitin.wankhade@kpit.com, Nitin Wankhade Subject: [meta-lts-collab][kirkstone][PATCH 4/7] strongswan: Fix CVE-2026-35331 Date: Thu, 4 Jun 2026 13:35:03 +0530 Message-Id: <20260604080506.274123-4-nitin.wankhade@kpit.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260604080506.274123-1-nitin.wankhade@kpit.com> References: <20260604080506.274123-1-nitin.wankhade@kpit.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Jun 2026 08:05:46 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/4135 From: Nitin Wankhade Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] Signed-off-by: Nitin Wankhade --- ...-insensitive-matching-and-reject-exc.patch | 145 ++++++++++++++++++ .../strongswan/strongswan_5.9.13.bbappend | 1 + 2 files changed, 146 insertions(+) create mode 100644 meta-networking/recipes-support/strongswan/files/constraints-Case-insensitive-matching-and-reject-exc.patch diff --git a/meta-networking/recipes-support/strongswan/files/constraints-Case-insensitive-matching-and-reject-exc.patch b/meta-networking/recipes-support/strongswan/files/constraints-Case-insensitive-matching-and-reject-exc.patch new file mode 100644 index 0000000..40ca317 --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/constraints-Case-insensitive-matching-and-reject-exc.patch @@ -0,0 +1,145 @@ +From: Tobias Brunner +Date: Mon, 23 Mar 2026 17:45:11 +0100 +Subject: constraints: Case-insensitive matching and reject excluded DN name + constraints + +The case is generally ignored when matching identities. So this is +an issue with excluded name constraints where a malicious intermediate +CA could evade the constraints by issuing certificates with names that +just modify the case (e.g. strongSwan.org instead strongswan.org). + +Note that it's likely that permitted name constraints are preferred over +excluded name constraints as it might be difficult to come up with a +conclusive list of names to exclude. + +With directoryName (DN) name constraints the issue is a bit more comples. +Some RDNs have to be matched in a case-insensitive manner, which we e.g. +do in `identification.c::rdn_equals`. By not doing it for name +constraints, a malicious intermediate CA could evade an excluded name +constraint just by modifying the case in such an RDN. + +While we could use the mentioned function in `dn_matches`, this doesn't +properly fix the problem because the function is basically too strict. +Especially in regards to RDNs of type UTF8String, which are only compared +binary. To match these properly, we'd have to implement the string +preparation described in RFC 5280, section 7.1 and the referenced RFCs. +Until that's the case, we reject excluded name constraints of type +directoryName as we are unable to enforce them. + +Fixes: a2b340764fac ("Implemented NameConstraint matching in constraints plugin") +Fixes: CVE-2026-35331 + +CVE: CVE-2026-35331 +Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] +Patch is refreshed as per the source code version 5.9.13 +Signed-off-by: Nitin Wankhade +=== +diff --git a/src/libstrongswan/plugins/constraints/constraints_validator.c b/src/libstrongswan/plugins/constraints/constraints_validator.c +index b1f60fb..a04720a 100644 +--- a/src/libstrongswan/plugins/constraints/constraints_validator.c ++++ b/src/libstrongswan/plugins/constraints/constraints_validator.c +@@ -52,6 +52,18 @@ static bool check_pathlen(x509_t *issuer, int pathlen) + return TRUE; + } + ++/** ++ * Check if the constraint and ID strings match case-insensitively ++ */ ++static bool string_matches(chunk_t constraint, chunk_t id) ++{ ++ /* make sure the two strings have actually the same length */ ++ return constraint.len == id.len && ++ memchr(constraint.ptr, 0, constraint.len) == NULL && ++ memchr(id.ptr, 0, id.len) == NULL && ++ strncasecmp(constraint.ptr, id.ptr, constraint.len) == 0; ++} ++ + /** + * Check if a FQDN constraint matches + */ +@@ -67,7 +79,7 @@ static bool fqdn_matches(identification_t *constraint, identification_t *id) + return FALSE; + } + diff = chunk_create(i.ptr, i.len - c.len); +- if (!chunk_equals(c, chunk_skip(i, diff.len))) ++ if (!string_matches(c, chunk_skip(i, diff.len))) + { + return FALSE; + } +@@ -98,10 +110,10 @@ static bool email_matches(identification_t *constraint, identification_t *id) + } + if (memchr(c.ptr, '@', c.len)) + { /* constraint is a full email address */ +- return chunk_equals(c, i); ++ return string_matches(c, i); + } + diff = chunk_create(i.ptr, i.len - c.len); +- if (!diff.len || !chunk_equals(c, chunk_skip(i, diff.len))) ++ if (!diff.len || !string_matches(c, chunk_skip(i, diff.len))) + { + return FALSE; + } +diff --git a/src/libstrongswan/tests/suites/test_certnames.c b/src/libstrongswan/tests/suites/test_certnames.c +index 3672912..4441912 100644 +--- a/src/libstrongswan/tests/suites/test_certnames.c ++++ b/src/libstrongswan/tests/suites/test_certnames.c +@@ -194,8 +194,10 @@ static struct { + bool good; + } permitted_san[] = { + { ID_FQDN, ".strongswan.org", "test.strongswan.org", TRUE }, ++ { ID_FQDN, ".strongswan.org", "test.strongSwan.org", TRUE }, + { ID_FQDN, "strongswan.org", "test.strongswan.org", TRUE }, + { ID_FQDN, "a.b.c.strongswan.org", "d.a.b.c.strongswan.org", TRUE }, ++ { ID_FQDN, "a.b.c.strongswan.org", "d.A.b.C.strongswan.org", TRUE }, + { ID_FQDN, "a.b.c.strongswan.org", "a.b.c.d.strongswan.org", FALSE }, + { ID_FQDN, "strongswan.org", "strongswan.org.com", FALSE }, + { ID_FQDN, ".strongswan.org", "strongswan.org", FALSE }, +@@ -203,8 +205,11 @@ static struct { + { ID_FQDN, "strongswan.org", "swan.org", FALSE }, + { ID_FQDN, "strongswan.org", "swan.org", FALSE }, + { ID_RFC822_ADDR, "tester@strongswan.org", "tester@strongswan.org", TRUE }, ++ { ID_RFC822_ADDR, "tester@strongswan.org", "tester@strongSwan.org", TRUE }, ++ { ID_RFC822_ADDR, "tester@strongswan.org", "TESTER@strongswan.org", TRUE }, + { ID_RFC822_ADDR, "tester@strongswan.org", "atester@strongswan.org", FALSE }, + { ID_RFC822_ADDR, "strongswan.org", "tester@strongswan.org", TRUE }, ++ { ID_RFC822_ADDR, "strongswan.org", "tester@strongSwan.org", TRUE }, + { ID_RFC822_ADDR, "strongswan.org", "tester@test.strongswan.org", FALSE }, + { ID_RFC822_ADDR, ".strongswan.org", "tester@test.strongswan.org", TRUE }, + { ID_RFC822_ADDR, ".strongswan.org", "tester@strongswan.org", FALSE }, +@@ -232,11 +237,11 @@ static struct { + char *subject; + bool good; + } excluded_dn[] = { +- { "C=CH, O=another", "C=CH, O=strongSwan, CN=tester", TRUE }, +- { "C=CH, O=another", "C=CH, O=anot", TRUE }, +- { "C=CH, O=another", "C=CH, O=anot, CN=tester", TRUE }, ++ { "C=CH, O=another", "C=CH, O=strongSwan, CN=tester", FALSE }, ++ { "C=CH, O=another", "C=CH, O=anot", FALSE }, ++ { "C=CH, O=another", "C=CH, O=anot, CN=tester", FALSE }, + { "C=CH, O=another", "C=CH, O=another, CN=tester", FALSE }, +- { "C=CH, O=another", "C=CH, CN=tester, O=another", TRUE }, ++ { "C=CH, O=another", "C=CH, CN=tester, O=another", FALSE }, + }; + + START_TEST(test_excluded_dn) +@@ -266,7 +271,9 @@ static struct { + } excluded_san[] = { + { ID_FQDN, ".strongswan.org", "test.strongswan.org", FALSE }, + { ID_FQDN, "strongswan.org", "test.strongswan.org", FALSE }, ++ { ID_FQDN, "strongswan.org", "test.strongSwan.org", FALSE }, + { ID_FQDN, "a.b.c.strongswan.org", "d.a.b.c.strongswan.org", FALSE }, ++ { ID_FQDN, "a.b.c.strongswan.org", "d.a.b.C.strongswan.org", FALSE }, + { ID_FQDN, "a.b.c.strongswan.org", "a.b.c.d.strongswan.org", TRUE }, + { ID_FQDN, "strongswan.org", "strongswan.org.com", TRUE }, + { ID_FQDN, ".strongswan.org", "strongswan.org", TRUE }, +@@ -274,8 +281,10 @@ static struct { + { ID_FQDN, "strongswan.org", "swan.org", TRUE }, + { ID_FQDN, "strongswan.org", "swan.org", TRUE }, + { ID_RFC822_ADDR, "tester@strongswan.org", "tester@strongswan.org", FALSE }, ++ { ID_RFC822_ADDR, "tester@strongswan.org", "TESTER@strongswan.org", FALSE }, + { ID_RFC822_ADDR, "tester@strongswan.org", "atester@strongswan.org", TRUE }, + { ID_RFC822_ADDR, "strongswan.org", "tester@strongswan.org", FALSE }, ++ { ID_RFC822_ADDR, "strongswan.org", "tester@strongSwan.org", FALSE }, + { ID_RFC822_ADDR, "strongswan.org", "tester@test.strongswan.org", TRUE }, + { ID_RFC822_ADDR, ".strongswan.org", "tester@test.strongswan.org", FALSE }, + { ID_RFC822_ADDR, ".strongswan.org", "tester@strongswan.org", TRUE }, diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend index 0769de9..5b30348 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend @@ -2,4 +2,5 @@ SRC_URI += "\ file://tls-server-Prevent-infinite-loop-if-supported-versio.patch \ file://pkcs5-pkcs7-Avoid-NULL-pointer-dereference-when-veri.patch \ file://libsimaka-Reject-zero-length-EAP-SIM-AKA-attributes.patch \ + file://constraints-Case-insensitive-matching-and-reject-exc.patch \ " From patchwork Thu Jun 4 08:05:04 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nitin Wankhade X-Patchwork-Id: 89298 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B24BCD6E4A for ; Thu, 4 Jun 2026 08:05:46 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6282.1780560344378882384 for ; Thu, 04 Jun 2026 01:05:44 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=pSGuubvh; spf=pass (domain: gmail.com, ip: 209.85.210.169, mailfrom: jackson.james9803@gmail.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-8423f236418so214115b3a.1 for ; Thu, 04 Jun 2026 01:05:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780560344; x=1781165144; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=tfMu4H33QnILISSD/eLvSkp1gh4+OD2oEdIT8f6p8m8=; b=pSGuubvh8HV7C/95o5bl79m9NlZmkXJK/AOwewyZWu4zrg1WGRFSu+V5ewqqqLWGV4 D52JOynImpqL3sp9oIrQYQAJovckyUbYCjFcQ7TD1+UE6C2/ouSpigN8+3FjDLGB0/eP //RTWco1Zk/ST3thzOMijsREaJFSu1cmpsWWbb6RYHVaDva28UbvByLsrkM+oM8Xzsrh Fl/DZnl2E5fsAUzGBdHoGEiKKl9fEDuWcKPr9Scu/kJkA7nefBwARdPlImz9IzLRE2TS fe6/KBoU4uAGEGwkVKWxG09eMcCNL0Hisi4IsC8BRSMlTQVcZJ3TAiq6UiAaUgxRqsFT 30Jg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780560344; x=1781165144; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=tfMu4H33QnILISSD/eLvSkp1gh4+OD2oEdIT8f6p8m8=; b=LMTfocsfkzCXYyIqlbT7k3Jv7MKR4hpAzYJarfCvDe4YlNmPI0h4YuLlWSqRXISLrM zQ2danWiSt989eYtyxrUjauGwrwGH/AjS19UgTyKpzQ1dR0FhZ07cnD3i3CO4JgAB3nO gIWi4MpDXEIgYAzfnICoNRWn2zxWzVKbYXK8fqfKNyzeL6UtwWjrov5owx2KSt8rCOWM BuIZ4c7hor+Sjjg4PcL5Za8Sx4zEGrWrF+30eJ5t++sALLgeNOZqz8LJTndwM3YtGC8N IgX/jLC/6YcoqqkX4KxiAJmX2BX5uc7KDce1YxlI6Vv/I0uEyRm6R6yCYoV5l1fmpARd roCw== X-Gm-Message-State: AOJu0YyE/NfGz6lN0DwFcmLE9pGm2gQZyxUckhE5zNH9EgKFNyAPWDdo CWI4/C+hJTxQUOXbKHoAo5aSBa/x9OW4xkUPgyFK+xcoTW9+Tsouw4cpoAhTdw== X-Gm-Gg: Acq92OFr29y7eSkj5V4UxF0FcGx1YM6vEXzYkotoeIPYdE8CGl+F70rvUun3ok3G6u6 WXxaAG5ELc1HHbOskXdH9KQ+BhlxqghqatUqJlkHj1jU1vhZ3gCLFb4THSZIswzTdrt0A6fACFa 91XuT1HNySuVyd4F61HXW0uokWw88H9swHpof/snHZ67uOKIT1OtKUbA8LkZw2Va3KdHLGxKrIu 1RhFy0Dnv817r4fAdCE9wzx//uX7NmBd1N6Nit73r90otsR0MZM/rfotA0YpXslMnBubKqOr6an UB0CPGlweTwXpiU7Q+e/0JzUWQT6a63pVeTuoh9d5oQxoN/j2+JCb+G0CcFu1N8fCNf8rAJW7kL pZR3ZhP3FShGY7UfElsmaX29BHKLcs69C5HzlHo/qFJuJA1MpW+ev2AEd/6gipmhGvcAy1xTYCh H61MoPtJ11dER8rSlcFUqYo0W2fTPXMJkfCRZ4b6M71TxYiw== X-Received: by 2002:a05:6a00:94d5:b0:842:5a8d:302c with SMTP id d2e1a72fcca58-84284fd2f60mr6974682b3a.38.1780560343703; Thu, 04 Jun 2026 01:05:43 -0700 (PDT) Received: from LL-868L.kpit.com ([103.155.222.113]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-842828e21c8sm6139001b3a.49.2026.06.04.01.05.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jun 2026 01:05:43 -0700 (PDT) From: Nitin Wankhade X-Google-Original-From: Nitin Wankhade To: yocto-patches@lists.yoctoproject.org Cc: nitin.wankhade@kpit.com, Nitin Wankhade Subject: [meta-lts-collab][kirkstone][PATCH 5/7] strongswan: Fix CVE-2026-35332 Date: Thu, 4 Jun 2026 13:35:04 +0530 Message-Id: <20260604080506.274123-5-nitin.wankhade@kpit.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260604080506.274123-1-nitin.wankhade@kpit.com> References: <20260604080506.274123-1-nitin.wankhade@kpit.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Jun 2026 08:05:46 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/4136 From: Nitin Wankhade Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] Signed-off-by: Nitin Wankhade --- ...accept-non-empty-ECDH-public-keys-wi.patch | 51 +++++++++++++++++++ .../strongswan/strongswan_5.9.13.bbappend | 1 + 2 files changed, 52 insertions(+) create mode 100644 meta-networking/recipes-support/strongswan/files/tls-server-Only-accept-non-empty-ECDH-public-keys-wi.patch diff --git a/meta-networking/recipes-support/strongswan/files/tls-server-Only-accept-non-empty-ECDH-public-keys-wi.patch b/meta-networking/recipes-support/strongswan/files/tls-server-Only-accept-non-empty-ECDH-public-keys-wi.patch new file mode 100644 index 0000000..a46479f --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/tls-server-Only-accept-non-empty-ECDH-public-keys-wi.patch @@ -0,0 +1,51 @@ +From: Tobias Brunner +Date: Fri, 20 Mar 2026 17:38:07 +0100 +Subject: tls-server: Only accept non-empty ECDH public keys with TLS < 1.3 + +This prevents a crash due to a null-pointer dereference when processing +an empty ECDH public key. + +The previous length check only applied in the `!ec` case, so in the `ec` +case, the access to `pub.ptr[0]` was unguarded. If a crafted TLS +record ends with an empty ClientKeyExchange, then `read_data8` sets +`pub` to `chunk_empty`, causing a null-pointer dereference. + +Note that if some data follows the empty ClientKeyExchange, this just +causes a 1-byte out-of-bounds read that has no further effect as the +TLS session is aborted immediately. Either because the read value +doesn't equal TLS_ANSI_UNCOMPRESSED or because the empty public key +is rejected by `set_public_key()`. + +The referenced commit that introduced the pointer access, added the +check for `pub.len` specifically to the `!ec` case, while the pointer +access was initially unconditional (probably because the code was just +copied from `tls_peer.c` which processes ECDH public keys in a separate +function, so there was no `ec` flag). The latter was fixed a couple of +days later with 7b3c01845f63 ("Read the compression type byte for EC +groups, only"). However, that commit didn't change the length check. +Anyway, it's possible that the original intention was to add the check +to the `ec` case on the previous line, or that there was some confusion +with the parenthesis and something like the current code was intended to +begin with. + +Fixes: e6cce7ff0d1b ("Prepend point format to ECDH public key") +Fixes: CVE-2026-35332 + +CVE: CVE-2026-35332 +Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] +Patch is refreshed as per the source code version 5.9.13 +Signed-off-by: Nitin Wankhade +=== +diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c +index 7b2238e..bffc01c 100644 +--- a/src/libtls/tls_server.c ++++ b/src/libtls/tls_server.c +@@ -857,7 +857,7 @@ static status_t process_key_exchange_dhe(private_tls_server_t *this, + group = this->dh->get_method(this->dh); + ec = key_exchange_is_ecdh(group); + if ((ec && !reader->read_data8(reader, &pub)) || +- (!ec && (!reader->read_data16(reader, &pub) || pub.len == 0))) ++ (!ec && !reader->read_data16(reader, &pub)) || pub.len == 0) + { + DBG1(DBG_TLS, "received invalid Client Key Exchange"); + this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR); diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend index 5b30348..8ccb230 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend @@ -3,4 +3,5 @@ SRC_URI += "\ file://pkcs5-pkcs7-Avoid-NULL-pointer-dereference-when-veri.patch \ file://libsimaka-Reject-zero-length-EAP-SIM-AKA-attributes.patch \ file://constraints-Case-insensitive-matching-and-reject-exc.patch \ + file://tls-server-Only-accept-non-empty-ECDH-public-keys-wi.patch \ " From patchwork Thu Jun 4 08:05:05 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Nitin Wankhade X-Patchwork-Id: 89300 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4A857CD6E68 for ; Thu, 4 Jun 2026 08:05:56 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6283.1780560348068464778 for ; Thu, 04 Jun 2026 01:05:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=IIyHvLeY; spf=pass (domain: gmail.com, ip: 209.85.215.172, mailfrom: jackson.james9803@gmail.com) Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-c8584e80bd3so181436a12.3 for ; Thu, 04 Jun 2026 01:05:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780560347; x=1781165147; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6pK2yRVhNBKt8zVmDaSxdIDrmqLebHhDZEG+YBQh3q0=; b=IIyHvLeYv/qyhehyRtqDiC7iCpdZvPTopg0ZxTv+gm8u1/Iyi5xo2iTHSTqnh5v19P 13R4ydICAAEOHVpAnX8e2SS7PkqKlR5GfW3tZp4ln+7eutxFCPcuDEPMSANtyFx9EGGc X6j0glkoiaej6s09Dfm5J8VHimCwYl1RgWNOSUqjHyU0P9bi83JBTGvprA0rljESJRRy rLp+SQ3ctBtVU4J2nT4cVbB0m/p+L721LRo2WbexgYYJucHJBu0GF9YLtOfBWNm2TMYZ Z3byLDsKaufFREUVn9lLt7vWeiFkq+mxalXatpN9fnmtUHUFBRXKEU9wKLT93Z1fVSUx uQmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780560347; x=1781165147; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=6pK2yRVhNBKt8zVmDaSxdIDrmqLebHhDZEG+YBQh3q0=; b=eiHUYpFy2gFW70P8/7FRSao9E5bRlLKW72UtgmA7HJTwmfc0T0zOAajCpHosbaikRb 51ouG7RQkHgsHQkWtGb91hXNQwdQF7Xvet6vIfryNWupZju6ZUvc5pG+ObDIsguuZkga Vew1+dD500Sp/dnxC4j2LyxHfj/nboroneY7PbSkQwV04ecO/b6Kb48gXTu0JEJTACzV x3LsFqBWeqTTUa+Y1CzlifRz0P+UcF6hvlYEMQvqarbg5xMrDXQ9UtKVcrpAay4QBoWT rUOUqRguCG303NtoNebjrVCvzRiK+IHWGoVW8d9nd4QS8ezc/HUVZlpUW9kX0wgAjdFl FcAg== X-Gm-Message-State: AOJu0Yw/ycu0lcWvjZ9Wqz3+lXJl/WugzQYMSuw5YDvuDB7+3bAMWLcB DY2BHoSd09uZqDEh8FGxbjrIqQxQ8QSZvHUsZjuj8IKsXEotSJT1qASylQ5F+g== X-Gm-Gg: Acq92OH4r/yF7mzMDClPDmVDYIwc8Nb5GUUZ0NPMYQPTsuwC/IIjc0U49gSVUJZPWXI LaSLn5P1PXk46SIlNEXFc9HILcMFf97fFJ/Y6M8onnC/TlygEUJaL0ctaWP/HHxD4YKlWzIWQ0G ZKREl0xe39qNd1cMDX6ns1x1TgFYaOy69rEoUMoEN/F/gnViq1OTJssHPdIKz7aXVkPc1XoOAcG Ghn0WxvDIY8s9ahPYStIDN+ZGX0sIF4OrrETv9GpNBUJqDzN0oDRTjgD+pCpz/PD2nb3i4xJ6qD q2YaJa6tscV3zjyId8AQ56tM3pLPpvYbw6YNV73KbNK1CHPxR4p6aThFs3NYHG6rO+d/j/KQflX zQugW5s14PH1KuI8yVenabhmTq3J3Jq4lnfRlQPqwUU536fZDYlcJgusVz6wRcqKKbZbGV1HNjo wlaycnRz9BSdDUZBMQrT+cuXY5uasXx6SEFDI2ZyfWdX3H6g== X-Received: by 2002:a05:6a00:ab85:b0:842:6a3b:60ea with SMTP id d2e1a72fcca58-84284f475d2mr6842050b3a.40.1780560347345; Thu, 04 Jun 2026 01:05:47 -0700 (PDT) Received: from LL-868L.kpit.com ([103.155.222.113]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-842828e21c8sm6139001b3a.49.2026.06.04.01.05.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jun 2026 01:05:46 -0700 (PDT) From: Nitin Wankhade X-Google-Original-From: Nitin Wankhade To: yocto-patches@lists.yoctoproject.org Cc: nitin.wankhade@kpit.com, Nitin Wankhade Subject: [meta-lts-collab][kirkstone][PATCH 6/7] strongswan: Fix CVE-2026-35333 Date: Thu, 4 Jun 2026 13:35:05 +0530 Message-Id: <20260604080506.274123-6-nitin.wankhade@kpit.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260604080506.274123-1-nitin.wankhade@kpit.com> References: <20260604080506.274123-1-nitin.wankhade@kpit.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Jun 2026 08:05:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/4137 From: Nitin Wankhade Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] Signed-off-by: Nitin Wankhade --- ...-undersized-attributes-in-enumerator.patch | 41 +++++++++++++++++++ .../strongswan/strongswan_5.9.13.bbappend | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-networking/recipes-support/strongswan/files/libradius-Reject-undersized-attributes-in-enumerator.patch diff --git a/meta-networking/recipes-support/strongswan/files/libradius-Reject-undersized-attributes-in-enumerator.patch b/meta-networking/recipes-support/strongswan/files/libradius-Reject-undersized-attributes-in-enumerator.patch new file mode 100644 index 0000000..0233ebf --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/libradius-Reject-undersized-attributes-in-enumerator.patch @@ -0,0 +1,41 @@ +From: =?utf-8?q?Lukas_Johannes_M=C3=B6ller?= +Date: Thu, 12 Mar 2026 10:24:45 +0000 +Subject: libradius: Reject undersized attributes in enumerator +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +attribute_enumerate() accepts RADIUS attributes whose length byte is +smaller than sizeof(rattr_t) (2). For length == 0, the iterator never +advances and traps callers — including verify() — in a non-advancing +loop. For length == 1, misaligned packed-struct reads occur. + +Add a separate check for this->next->length < sizeof(rattr_t) after +the existing truncation guard. This mirrors radius_message_parse(), +which already distinguishes invalid length from truncation. + +Signed-off-by: Lukas Johannes Möller + +Fixes: 4a6b84a93461 ("reintegrated eap-radius branch into trunk") +Fixes: CVE-2026-35333 + +CVE: CVE-2026-35333 +Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] +Signed-off-by: Nitin Wankhade +=== +diff --git a/src/libradius/radius_message.c b/src/libradius/radius_message.c +index 8e2db0c..2bbbb48 100644 +--- a/src/libradius/radius_message.c ++++ b/src/libradius/radius_message.c +@@ -261,6 +261,11 @@ METHOD(enumerator_t, attribute_enumerate, bool, + DBG1(DBG_IKE, "RADIUS message truncated"); + return FALSE; + } ++ if (this->next->length < sizeof(rattr_t)) ++ { ++ DBG1(DBG_IKE, "RADIUS attribute has invalid length"); ++ return FALSE; ++ } + *type = this->next->type; + data->ptr = this->next->value; + data->len = this->next->length - sizeof(rattr_t); diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend index 8ccb230..8d22b60 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend @@ -4,4 +4,5 @@ SRC_URI += "\ file://libsimaka-Reject-zero-length-EAP-SIM-AKA-attributes.patch \ file://constraints-Case-insensitive-matching-and-reject-exc.patch \ file://tls-server-Only-accept-non-empty-ECDH-public-keys-wi.patch \ + file://libradius-Reject-undersized-attributes-in-enumerator.patch \ " From patchwork Thu Jun 4 08:05:06 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Nitin Wankhade X-Patchwork-Id: 89301 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A2A6CD6E4A for ; Thu, 4 Jun 2026 08:05:56 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6328.1780560351724893235 for ; Thu, 04 Jun 2026 01:05:51 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=ThkZaF0Q; spf=pass (domain: gmail.com, ip: 209.85.210.169, mailfrom: jackson.james9803@gmail.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-842848fd613so293031b3a.3 for ; Thu, 04 Jun 2026 01:05:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780560351; x=1781165151; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=OYf9Sx6TVO7GfAoOqWuVNBnlA/kyjxgHM+rFEOeG/2k=; b=ThkZaF0QImQERfuruNjX6v8+3ahckNCHYS+guD2hPofZYGhCML3Rx51wr3ynp5GkL/ yS1cPNYzCGLPSIOwOfv7slQGCASLz7A9F/4Ow+JjBDmgw2FNFKz0f94io4EbFIWQnA+G OOCsCvnP60O9iN0w4+cgG9ZMUIkKz+VmnLCfJR4oNRA+QCeSUxGpjsfNCyMz6LYGBg1a OKyMNuPJGmVcaG0kMUv2D3qTw78o962qgCx2vIj7cuyPLfElTCxyXWJTipF+e4VBsuw3 +AQEqm/kgGm6Gs/+pHyb80TmUSwqteO+RaZyvEtRRFZPJxXMziUy/iTXvG0fOnbMKJX0 Ml7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780560351; x=1781165151; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=OYf9Sx6TVO7GfAoOqWuVNBnlA/kyjxgHM+rFEOeG/2k=; b=bq087AbcNeKG9k+YB4ixWhssPWZGXqArZsA4aXl+Mul8LRkqAhNd5um+yIOSxsr8X6 fuLV1U/zbdnXrrRbmni4x+GUbeQbJz6C87kAlYd11DNND0Yg59fbVGVAqlpwjJ3kfK4f B27qWGYoL2y/hu6qRAleIbwOERsiTe9OBWExmxQBjK7ZLYWMfVm7GH0DsL0lAgiDpY9I mb4Co9gQXUwtzel13z+aFNoSSDG2zwf0m4rsoENVpv4cDAXSXM4xWMEY68P23XLEXCfv 0zvKkwNXpfU22CpXOGNBMFOqb6cyiRRvLpQPok67hXgYnYiLuRRWNPV3V5qp1q+fnn5O I4Mg== X-Gm-Message-State: AOJu0YzJMy+UHKQ0hYd1n4YfRGvtPkvufYVSUEeK8YhXu/dZvl4/wqKD KosocB8WI6OsXIR8E+xFzF0EAd0mVa62UoKTTXOgzHXyR/St5zRZpwQSE0Jukg== X-Gm-Gg: Acq92OE4a2GtUtNOwwZ+s+JvV32szXaNG/uzQu1bVEq9S9MMMf8YiW/hboR3pt7y4rJ 9KIIO3s7bBr9bmhevQzVEKeW/9JDoJqqwuPOAn7LLcyrxwgrqp6JrElp+RSRkLsOhBAzDTyLY9s cIg/9doREIfaxtFlB+0cXmZA3950eUvrxbAxf6cy9Je+Ehn/u+WHLlbl8PsHqVMM2wN1drQO+lG IZjkITDJ0z7gZX6lgv6qwai2Sl4hd1dO5hJUis89bKXaIEATb8sTUFsXGbvpgmLT8PfSs8c+Bcy 6POzBni370vsuQnQMXePjmB1MgjsKZqz0NxMdxkuYSeMQpkt4/G7HYNgj8TWqOOtVoZ4ax7qUpC LZtzm2ZDza1S2+bP/oPFzqkzNCTT1dQSNqXg84Bp4iLTGLxAGRD5tN+6DXwienvcf3zrMj/Mi3d XJ92LWm8cwFlPP3bCWZ8HtcZAhFRrP/ENi4rbtT6rx0FoX7w== X-Received: by 2002:a05:6a00:3403:b0:842:48ae:1d56 with SMTP id d2e1a72fcca58-84284f37c67mr6718463b3a.35.1780560350941; Thu, 04 Jun 2026 01:05:50 -0700 (PDT) Received: from LL-868L.kpit.com ([103.155.222.113]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-842828e21c8sm6139001b3a.49.2026.06.04.01.05.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jun 2026 01:05:50 -0700 (PDT) From: Nitin Wankhade X-Google-Original-From: Nitin Wankhade To: yocto-patches@lists.yoctoproject.org Cc: nitin.wankhade@kpit.com, Nitin Wankhade Subject: [meta-lts-collab][kirkstone][PATCH 7/7] strongswan: Fix CVE-2026-35334 Date: Thu, 4 Jun 2026 13:35:06 +0530 Message-Id: <20260604080506.274123-7-nitin.wankhade@kpit.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260604080506.274123-1-nitin.wankhade@kpit.com> References: <20260604080506.274123-1-nitin.wankhade@kpit.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Jun 2026 08:05:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/4138 From: Nitin Wankhade Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] Signed-off-by: Nitin Wankhade --- ...and-timing-leaks-in-PKCS-1-v1.5-decr.patch | 244 ++++++++++++++++++ .../strongswan/strongswan_5.9.13.bbappend | 1 + 2 files changed, 245 insertions(+) create mode 100644 meta-networking/recipes-support/strongswan/files/gmp-Avoid-crash-and-timing-leaks-in-PKCS-1-v1.5-decr.patch diff --git a/meta-networking/recipes-support/strongswan/files/gmp-Avoid-crash-and-timing-leaks-in-PKCS-1-v1.5-decr.patch b/meta-networking/recipes-support/strongswan/files/gmp-Avoid-crash-and-timing-leaks-in-PKCS-1-v1.5-decr.patch new file mode 100644 index 0000000..cb6777a --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/gmp-Avoid-crash-and-timing-leaks-in-PKCS-1-v1.5-decr.patch @@ -0,0 +1,244 @@ +From: Tobias Brunner +Date: Tue, 24 Mar 2026 18:00:23 +0100 +Subject: gmp: Avoid crash and timing leaks in PKCS#1 v1.5 decryption padding + validation +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +This fixes a potential crash due to a null-pointer dereference if rsadp() +returns NULL (e.g. with an all-zero ciphertext). + +And it also implements the PKCS#1 v1.5 decryption padding check in +constant time. + +The timing leak caused by the previous implementation was measured at +~17.5 μs at 3 GHz, which could allow a Bleichenbacher-like attack in +LAN environments. However, because of how RSA encryption is used in +strongSwan, this is not that much of an issue in practice. The mechanism +is only used for two use cases. One is SCEP/EST via PKCS#7 enveloped +data. Fortunately, this can not be triggered in significant numbers by +an attacker. The other use case is TLS as used by EAP methods (EAP-TLS, +EAP-PEAP/TTLS) during the authentication. While the cipher suites that +use RSA encryption are still enabled by default, the TLS messages are +wrapped in EAP and encrypted by IKE, making any kind of attack difficult. + +Note that the gmp plugin isn't enabled anymore by default. And even +before that, most setups had the openssl plugin enabled, which has +priority over the gmp plugin. So it's unlikely the plugin was used in +practice. + +Also note that this patch doesn't modify libstrongswan's Makefile.am +to avoid potentially requiring autotools when patching a tarball. + +Fixes: d615ffdcf3cd ("implement gmp_rsa_private_key.decrypt()") +Fixes: CVE-2026-35334 + +CVE: CVE-2026-35334 +Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-security-debug/20260422T125423Z/pool/updates/main/s/strongswan/strongswan_6.0.1-6%2Bdeb13u5.debian.tar.xz] +Signed-off-by: Nitin Wankhade +=== +diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +index 47784b6..08c5eee 100644 +--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c ++++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +@@ -495,8 +495,8 @@ METHOD(private_key_t, decrypt, bool, + private_gmp_rsa_private_key_t *this, encryption_scheme_t scheme, + void *params, chunk_t crypto, chunk_t *plain) + { +- chunk_t em, stripped; +- bool success = FALSE; ++ chunk_t em; ++ u_int valid, i, j, found_sep = 0, sep_index = 0, m_index; + + if (scheme != ENCRYPT_RSA_PKCS1) + { +@@ -505,33 +505,51 @@ METHOD(private_key_t, decrypt, bool, + return FALSE; + } + /* rsa decryption using PKCS#1 RSADP */ +- stripped = em = rsadp(this, crypto); ++ em = rsadp(this, crypto); ++ if (em.len != this->k) ++ { ++ return FALSE; ++ } + +- /* PKCS#1 v1.5 8.1 encryption-block formatting (EB = 00 || 02 || PS || 00 || D) */ ++ /* PKCS#1 v1.5, RFC 8017, section 7.2.2 message structure: ++ * EM = 00 || 02 || PS || 00 || M */ + + /* check for hex pattern 00 02 in decrypted message */ +- if ((*stripped.ptr++ != 0x00) || (*(stripped.ptr++) != 0x02)) ++ valid = constant_time_eq(em.ptr[0], 0x00); ++ valid &= constant_time_eq(em.ptr[1], 0x02); ++ ++ /* the plaintext data starts after first 0x00 byte */ ++ for (i = 2; i < em.len; i++) + { +- DBG1(DBG_LIB, "incorrect padding - probably wrong rsa key"); +- goto end; ++ u_int zero = constant_time_eq(em.ptr[i], 0x00); ++ ++ sep_index = constant_time_select(i, sep_index, ~found_sep & zero); ++ found_sep |= zero; + } +- stripped.len -= 2; + +- /* the plaintext data starts after first 0x00 byte */ +- while (stripped.len-- > 0 && *stripped.ptr++ != 0x00) ++ /* make sure PS is at least eight bytes long (plus the initial bytes) */ ++ valid &= constant_time_ge(sep_index, 10); + +- if (stripped.len == 0) ++ /* instead of copying the message directly, we try not to reveal the message ++ * length i.e. where the 0x00 byte was. and since clearing a chunk is ++ * relatively efficient, i.e. doesn't leak much, we always allocate and copy ++ * a value and then clear it if the structure was invalid */ ++ m_index = constant_time_select(sep_index + 1, 11, valid); ++ ++ *plain = chunk_alloc(this->k); ++ for (i = 0, j = 0; i < em.len; i++) + { +- DBG1(DBG_LIB, "no plaintext data"); +- goto end; ++ plain->ptr[j] = em.ptr[i]; ++ j += constant_time_ge(i, m_index); + } ++ plain->len = j; + +- *plain = chunk_clone(stripped); +- success = TRUE; +- +-end: ++ if (!valid) ++ { ++ chunk_clear(plain); ++ } + chunk_clear(&em); +- return success; ++ return valid; + } + + METHOD(private_key_t, get_keysize, int, +diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h +index 40fe76a..80199a9 100644 +--- a/src/libstrongswan/utils/utils.h ++++ b/src/libstrongswan/utils/utils.h +@@ -53,6 +53,7 @@ + #include "utils/atomics.h" + #include "utils/align.h" + #include "utils/byteorder.h" ++#include "utils/constant_time.h" + #include "utils/string.h" + #include "utils/memory.h" + #include "utils/strerror.h" +diff --git a/src/libstrongswan/utils/utils/constant_time.h b/src/libstrongswan/utils/utils/constant_time.h +new file mode 100644 +index 0000000..30a8549 +--- /dev/null ++++ b/src/libstrongswan/utils/utils/constant_time.h +@@ -0,0 +1,103 @@ ++/* ++ * Copyright (C) 2026 Tobias Brunner ++ * ++ * Copyright (C) secunet Security Networks AG ++ * ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by the ++ * Free Software Foundation; either version 2 of the License, or (at your ++ * option) any later version. See . ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * for more details. ++ */ ++ ++/** ++ * @defgroup constant_time_i constant_time ++ * @{ @ingroup constant_time_i ++ */ ++ ++#ifndef CONSTANT_TIME_H_ ++#define CONSTANT_TIME_H_ ++ ++#include ++ ++/** ++ * Check if the given values are not equal in constant time. ++ * ++ * @param x first value to check ++ * @param y second value to check ++ * @return 1 if values are not equal, 0 otherwise ++ */ ++static inline u_int constant_time_neq(uint32_t x, uint32_t y) ++{ ++ return ((x-y) | (y-x)) >> 31; ++} ++ ++/** ++ * Check if the given values are equal in constant time. ++ * ++ * @param x first value to check ++ * @param y second value to check ++ * @return 1 if values are equal, 0 otherwise ++ */ ++static inline u_int constant_time_eq(uint32_t x, uint32_t y) ++{ ++ return 1 ^ constant_time_neq(x, y); ++} ++ ++/** ++ * Compare the two values and return 1 if the first argument is lower than ++ * the second in constant time. ++ * ++ * @param x first value to check ++ * @param y second value to check ++ * @return 1 if first value is lower than second ++ */ ++static inline u_int constant_time_lt(uint32_t x, uint32_t y) ++{ ++ return (x ^ ((x^y) | ((x-y) ^ y))) >> 31; ++} ++ ++/** ++ * Compare the two values and return 1 if the first argument greater or equal to ++ * the second in constant time. ++ * ++ * @param x first value to check ++ * @param y second value to check ++ * @return 1 if first value is greater or equal to the second ++ */ ++static inline u_int constant_time_ge(uint32_t x, uint32_t y) ++{ ++ return 1 ^ constant_time_lt(x, y); ++} ++ ++/** ++ * Return a 32-bit all bit-set mask if the given value is not 0. ++ * ++ * @param x value to check ++ * @return 0xffffffff if value is != 0, 0 otherwise ++ */ ++static inline uint32_t constant_time_mask(uint32_t x) ++{ ++ return -(uint32_t)constant_time_neq(x, 0); ++} ++ ++/** ++ * Select one of two values depending on whether the condition is != 0 or not. ++ * Basically equivalent to 'c ? x : y'. ++ * ++ * @param x first value to select ++ * @param y second value to select ++ * @param c condition ++ * @return x if c is != 0, y otherwise ++ */ ++static inline uint32_t constant_time_select(uint32_t x, uint32_t y, uint32_t c) ++{ ++ uint32_t m = constant_time_mask(c); ++ return (x & m) | (y & ~m); ++} ++ ++#endif /** CONSTANT_TIME_H_ @} */ diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend index 8d22b60..a452a92 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bbappend @@ -5,4 +5,5 @@ SRC_URI += "\ file://constraints-Case-insensitive-matching-and-reject-exc.patch \ file://tls-server-Only-accept-non-empty-ECDH-public-keys-wi.patch \ file://libradius-Reject-undersized-attributes-in-enumerator.patch \ + file://gmp-Avoid-crash-and-timing-leaks-in-PKCS-1-v1.5-decr.patch \ "