!85 [sync] PR-79: Fix CVE-2023-41913

From: @openeuler-sync-bot 
Reviewed-by: @openhosec 
Signed-off-by: @openhosec

CVE-2022-40617.patch

@@ -0,0 +1,204 @@
+From 66d3b2e0e596a6eac1ebcd15c83a8d9368fe7b34 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Fri, 22 Jul 2022 15:37:43 +0200
+Subject: [PATCH] credential-manager: Do online revocation checks only after
+ basic trust chain validation
+
+This avoids querying URLs of potentially untrusted certificates, e.g. if
+an attacker sends a specially crafted end-entity and intermediate CA
+certificate with a CDP that points to a server that completes the
+TCP handshake but then does not send any further data, which will block
+the fetcher thread (depending on the plugin) for as long as the default
+timeout for TCP.  Doing that multiple times will block all worker threads,
+leading to a DoS attack.
+
+The logging during the certificate verification obviously changes.  The
+following example shows the output of `pki --verify` for the current
+strongswan.org certificate:
+
+new:
+
+  using certificate "CN=www.strongswan.org"
+  using trusted intermediate ca certificate "C=US, O=Let's Encrypt, CN=R3"
+  using trusted ca certificate "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
+  reached self-signed root ca with a path length of 1
+checking certificate status of "CN=www.strongswan.org"
+  requesting ocsp status from 'http://r3.o.lencr.org' ...
+  ocsp response correctly signed by "C=US, O=Let's Encrypt, CN=R3"
+  ocsp response is valid: until Jul 27 12:59:58 2022
+certificate status is good
+checking certificate status of "C=US, O=Let's Encrypt, CN=R3"
+ocsp response verification failed, no signer certificate 'C=US, O=Let's Encrypt, CN=R3' found
+  fetching crl from 'http://x1.c.lencr.org/' ...
+  using trusted certificate "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
+  crl correctly signed by "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
+  crl is valid: until Apr 18 01:59:59 2023
+certificate status is good
+certificate trusted, lifetimes valid, certificate not revoked
+
+old:
+
+  using certificate "CN=www.strongswan.org"
+  using trusted intermediate ca certificate "C=US, O=Let's Encrypt, CN=R3"
+checking certificate status of "CN=www.strongswan.org"
+  requesting ocsp status from 'http://r3.o.lencr.org' ...
+  ocsp response correctly signed by "C=US, O=Let's Encrypt, CN=R3"
+  ocsp response is valid: until Jul 27 12:59:58 2022
+certificate status is good
+  using trusted ca certificate "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
+checking certificate status of "C=US, O=Let's Encrypt, CN=R3"
+ocsp response verification failed, no signer certificate 'C=US, O=Let's Encrypt, CN=R3' found
+  fetching crl from 'http://x1.c.lencr.org/' ...
+  using trusted certificate "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
+  crl correctly signed by "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
+  crl is valid: until Apr 18 01:59:59 2023
+certificate status is good
+  reached self-signed root ca with a path length of 1
+certificate trusted, lifetimes valid, certificate not revoked
+
+Note that this also fixes an issue with the previous dual-use of the
+`trusted` flag.  It not only indicated whether the chain is trusted but
+also whether the current issuer is the root anchor (the corresponding
+flag in the `cert_validator_t` interface is called `anchor`).  This was
+a problem when building multi-level trust chains for pre-trusted
+end-entity certificates (i.e. where `trusted` is TRUE from the start).
+This caused the main loop to get aborted after the first intermediate CA
+certificate and the mentioned `anchor` flag wasn't correct in any calls
+to `cert_validator_t` implementations.
+
+Fixes: CVE-2022-40617
+---
+ .../credentials/credential_manager.c          | 54 +++++++++++++++----
+ 1 file changed, 45 insertions(+), 9 deletions(-)
+
+diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
+index e93b5943a3a7..798785544e41 100644
+--- a/src/libstrongswan/credentials/credential_manager.c
++++ b/src/libstrongswan/credentials/credential_manager.c
+@@ -556,7 +556,7 @@ static void cache_queue(private_credential_manager_t *this)
+  */
+ static bool check_lifetime(private_credential_manager_t *this,
+ 						   certificate_t *cert, char *label,
+-						   int pathlen, bool trusted, auth_cfg_t *auth)
++						   int pathlen, bool anchor, auth_cfg_t *auth)
+ {
+ 	time_t not_before, not_after;
+ 	cert_validator_t *validator;
+@@ -571,7 +571,7 @@ static bool check_lifetime(private_credential_manager_t *this,
+ 			continue;
+ 		}
+ 		status = validator->check_lifetime(validator, cert,
+-										   pathlen, trusted, auth);
++										   pathlen, anchor, auth);
+ 		if (status != NEED_MORE)
+ 		{
+ 			break;
+@@ -604,13 +604,13 @@ static bool check_lifetime(private_credential_manager_t *this,
+  */
+ static bool check_certificate(private_credential_manager_t *this,
+ 				certificate_t *subject, certificate_t *issuer, bool online,
+-				int pathlen, bool trusted, auth_cfg_t *auth)
++				int pathlen, bool anchor, auth_cfg_t *auth)
+ {
+ 	cert_validator_t *validator;
+ 	enumerator_t *enumerator;
+ 
+ 	if (!check_lifetime(this, subject, "subject", pathlen, FALSE, auth) ||
+-		!check_lifetime(this, issuer, "issuer", pathlen + 1, trusted, auth))
++		!check_lifetime(this, issuer, "issuer", pathlen + 1, anchor, auth))
+ 	{
+ 		return FALSE;
+ 	}
+@@ -623,7 +623,7 @@ static bool check_certificate(private_credential_manager_t *this,
+ 			continue;
+ 		}
+ 		if (!validator->validate(validator, subject, issuer,
+-								 online, pathlen, trusted, auth))
++								 online, pathlen, anchor, auth))
+ 		{
+ 			enumerator->destroy(enumerator);
+ 			return FALSE;
+@@ -726,6 +726,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ 	auth_cfg_t *auth;
+ 	signature_params_t *scheme;
+ 	int pathlen;
++	bool is_anchor = FALSE;
+ 
+ 	auth = auth_cfg_create();
+ 	get_key_strength(subject, auth);
+@@ -743,7 +744,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ 				auth->add(auth, AUTH_RULE_CA_CERT, issuer->get_ref(issuer));
+ 				DBG1(DBG_CFG, "  using trusted ca certificate \"%Y\"",
+ 							  issuer->get_subject(issuer));
+-				trusted = TRUE;
++				trusted = is_anchor = TRUE;
+ 			}
+ 			else
+ 			{
+@@ -778,11 +779,18 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ 				DBG1(DBG_CFG, "  issuer is \"%Y\"",
+ 					 current->get_issuer(current));
+ 				call_hook(this, CRED_HOOK_NO_ISSUER, current);
++				if (trusted)
++				{
++					DBG1(DBG_CFG, "  reached end of incomplete trust chain for "
++						 "trusted certificate \"%Y\"",
++						 subject->get_subject(subject));
++				}
+ 				break;
+ 			}
+ 		}
+-		if (!check_certificate(this, current, issuer, online,
+-							   pathlen, trusted, auth))
++		/* don't do online verification here */
++		if (!check_certificate(this, current, issuer, FALSE,
++							   pathlen, is_anchor, auth))
+ 		{
+ 			trusted = FALSE;
+ 			issuer->destroy(issuer);
+@@ -794,7 +802,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ 		}
+ 		current->destroy(current);
+ 		current = issuer;
+-		if (trusted)
++		if (is_anchor)
+ 		{
+ 			DBG1(DBG_CFG, "  reached self-signed root ca with a "
+ 				 "path length of %d", pathlen);
+@@ -807,6 +815,34 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ 		DBG1(DBG_CFG, "maximum path length of %d exceeded", MAX_TRUST_PATH_LEN);
+ 		call_hook(this, CRED_HOOK_EXCEEDED_PATH_LEN, subject);
+ 	}
++	else if (trusted && online)
++	{
++		enumerator_t *enumerator;
++		auth_rule_t rule;
++
++		/* do online revocation checks after basic validation of the chain */
++		pathlen = 0;
++		current = subject;
++		enumerator = auth->create_enumerator(auth);
++		while (enumerator->enumerate(enumerator, &rule, &issuer))
++		{
++			if (rule == AUTH_RULE_CA_CERT || rule == AUTH_RULE_IM_CERT)
++			{
++				if (!check_certificate(this, current, issuer, TRUE, pathlen++,
++									   rule == AUTH_RULE_CA_CERT, auth))
++				{
++					trusted = FALSE;
++					break;
++				}
++				else if (rule == AUTH_RULE_CA_CERT)
++				{
++					break;
++				}
++				current = issuer;
++			}
++		}
++		enumerator->destroy(enumerator);
++	}
+ 	if (trusted)
+ 	{
+ 		result->merge(result, auth, FALSE);
+-- 
+2.25.1

CVE-2023-41913.patch

@@ -0,0 +1,42 @@
+From 027421cbd2e6e628f5f959c74d722afadc477485 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 11 Jul 2023 12:12:25 +0200
+Subject: [PATCH] charon-tkm: Validate DH public key to fix potential buffer
+ overflow
+
+Seems this was forgotten in the referenced commit and actually could lead
+to a buffer overflow.  Since charon-tkm is untrusted this isn't that
+much of an issue but could at least be easily exploited for a DoS attack
+as DH public values are set when handling IKE_SA_INIT requests.
+
+Fixes: 0356089d0f94 ("diffie-hellman: Verify public DH values in backends")
+Fixes: CVE-2023-41913
+---
+ src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+index 2b2d103d03e9..6999ad360d7e 100644
+--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
++++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+@@ -70,11 +70,16 @@ METHOD(key_exchange_t, get_shared_secret, bool,
+ 	return TRUE;
+ }
+ 
+-
+ METHOD(key_exchange_t, set_public_key, bool,
+ 	private_tkm_diffie_hellman_t *this, chunk_t value)
+ {
+ 	dh_pubvalue_type othervalue;
++
++	if (!key_exchange_verify_pubkey(this->group, value) ||
++		value.len > sizeof(othervalue.data))
++	{
++		return FALSE;
++	}
+ 	othervalue.size = value.len;
+ 	memcpy(&othervalue.data, value.ptr, value.len);
+ 
+-- 
+2.34.1
+

strongswan.spec

@@ -1,12 +1,15 @@
 Name:             strongswan
 Version:          5.9.7
-Release:          1
+Release:          5
 Summary:          An OpenSource IPsec-based VPN and TNC solution
 License:          GPLv2+
 URL:              http://www.strongswan.org/
 Source0:          http://download.strongswan.org/strongswan-%{version}.tar.bz2
 
 Patch0:           remove-warning-no-format.patch
+Patch1:           CVE-2022-40617.patch
+# https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.9.7-5.9.11_charon_tkm_dh_len.patch
+Patch2:           CVE-2023-41913.patch
 
 BuildRequires:    gcc chrpath autoconf automake libtool tpm2-abrmd
 BuildRequires:    systemd-devel gmp-devel libcurl-devel NetworkManager-libnm-devel openldap-devel
@@ -16,6 +19,9 @@ Requires(post):   systemd
 Requires(preun):  systemd
 Requires(postun): systemd
 Requires:         tpm2-abrmd
+Requires:         %{name}-sqlite = %{version}-%{release}
+Requires:         %{name}-tnc-imcvs = %{version}-%{release}
+Requires:         %{name}-libipsec = %{version}-%{release}
 
 %description
 The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange
@@ -65,7 +71,7 @@ PT-TLS to support TNC over TLS.
 autoreconf -i
 %configure --bindir=%{_libexecdir}/strongswan --sysconfdir=%{_sysconfdir}/strongswan \
            --with-ipsecdir=%{_libexecdir}/strongswan --with-ipseclibdir=%{_libdir}/strongswan \
-           --with-ipsec-script=ipsec --with-fips-mode=2 \
+           --with-ipsec-script=strongswan --with-fips-mode=2 \
            --disable-static \
            --enable-tss-trousers --enable-nm --enable-systemd --enable-openssl --enable-unity \
            --enable-ctr --enable-ccm --enable-gcm --enable-chapoly --enable-md4 --enable-gcrypt \
@@ -143,7 +149,7 @@ echo "%{_libdir}/strongswan" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.co
 %{_unitdir}/strongswan-starter.service
 %{_sbindir}/charon-cmd
 %{_sbindir}/charon-systemd
-%{_sbindir}/ipsec
+%{_sbindir}/strongswan
 %{_sbindir}/swanctl
 %{_libdir}/strongswan/*.so.*
 %exclude %{_libdir}/strongswan/libimcv.so.*
@@ -189,6 +195,18 @@ echo "%{_libdir}/strongswan" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.co
 %{_libexecdir}/strongswan/charon-nm
 
 %changelog
+* Thu Dec 14 2023 yaoxin <yao_xin001@hoperun.com> - 5.9.7-5
+- Fix CVE-2023-41913
+
+* Fri May 19 2023 wangkai <13474090681@163.com> - 5.9.7-4
+- Fix /usr/sbin/ipsec conflicts with libreswan
+
+* Tue Nov 29 2022 wangkai <wangkai385@h-partners.com> - 5.9.7-3
+- Add Requires strongswan-sqlite,strongswan-tnc-imcvs and strongswan-libipsec
+
+* Tue Nov 01 2022 liyuxiang <liyuxiang@ncti-gba.cn> - 5.9.7-2
+- fix CVE-2022-40617
+
 * Sat Aug 13 2022 openhosec <openhosec@hosec.net> - 5.9.7-1
 - Upgrade to 5.9.7 version