[Openswan dev] ESP-3DES no-auth

mcr at xelerance.com mcr at xelerance.com
Mon May 10 19:35:08 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----

There is a bug in ipsec_rcv.c when using ESP 3DES without
authentication.

{Doing such a thing is very dumb, but there are very stupid gateways out
 there (okay, I'll name it. 3Com SuperStack!) that think it is a good
 idea.  This box also thinks that manually keying is a good idea too, and
 has weird mobility extensions to make it easier to use manually keyed 
 connections. People using the box can likely trivially be DoS'ed, and
 the box may in fact be useful for DoS'ing other people.}

The test case is east-spi-01/west-spi-01, since originally it looked
like it might be using the same SPI# for in and out.

This bug likely affects StrongSwan and all FreeSWAN 2.x.

The result is a kernel crash if unpatched. 3des_decrypt gets called with
a negative length.

Unless you manually configure such a connection, you are safe.
Pluto will never negotiate such a policy.


Some URLs with patches/info:

http://anoncvs.openswan.org/cgi-bin/viewcvs.cgi/openswan-2/linux/net/ipsec/ipsec_rcv.c

http://anoncvs.openswan.org/cgi-bin/viewcvs.cgi/openswan-2/linux/net/ipsec/ipsec_rcv.c.diff?r1=1.142&r2=1.143

http://anoncvs.openswan.org/cgi-bin/viewcvs.cgi/openswan-2/linux/net/ipsec/ipsec_rcv.c.diff?r1=1.142&r2=1.143&diff_format=u
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQKADmYqHRg3pndX9AQGMlAP9Hnb7fT0ykNllIa0450fbIOXcKgNYe3wG
akSN/eozfzlR5E1nOGAeooNy2W9JXXKfbc/HQs6lqhNHsGmSvThstCDChEk6KU9A
uhdZdrsxcG52ZWuAY4zpG6nypMoYyksBaO1uupy/TBab4mWbuiF49gq0s/womHlk
LTalYx28XCo=
=bJ9x
-----END PGP SIGNATURE-----

===================================================================
RCS file: /public/cvs/openswan-2/linux/net/ipsec/ipsec_rcv.c,v
retrieving revision 1.142
retrieving revision 1.143
diff -u -r1.142 -r1.143
--- openswan-2/linux/net/ipsec/ipsec_rcv.c	2004/05/10 22:25:57	1.142
+++ openswan-2/linux/net/ipsec/ipsec_rcv.c	2004/05/10 22:27:00	1.143
@@ -15,7 +15,7 @@
  * for more details.
  */
 
-char ipsec_rcv_c_version[] = "RCSID $Id: ipsec_rcv.c,v 1.142 2004/05/10 22:25:57 mcr Exp $";
+char ipsec_rcv_c_version[] = "RCSID $Id: ipsec_rcv.c,v 1.143 2004/05/10 22:27:00 mcr Exp $";
 
 #include <linux/config.h>
 #include <linux/version.h>
@@ -489,6 +489,11 @@
 #endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
 	case AH_NONE:
 		irs->authlen = 0;
+		irs->authfuncs = NULL;
+		irs->ictx = NULL;
+		irs->octx = NULL;
+		irs->ictx_len = 0;
+		irs->octx_len = 0;
 		break;
 	default:
 		irs->ipsp->ips_errs.ips_alg_errs += 1;
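Review bot: the five assignments added under AH_NONE (authfuncs, ictx, octx, ictx_len, octx_len) appear to exist so that the receive state cannot carry stale values into the `if(irs->authfuncs || ixt_a)` branch further down, which keys on authfuncs being NULL for the no-auth case; enumerating fields per case is fragile, since any field added to irs later has to be remembered here too. Prefer zeroing the whole irs state once where it is set up (or at the top of this switch), or at least add a one-line comment on AH_NONE saying that authfuncs must be NULL because the branch selection below depends on it.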
@@ -498,6 +503,18 @@
 		return IPSEC_RCV_BADAUTH;
 	}
 
+	irs->ilen = irs->len - iphlen - irs->authlen;
+	if(irs->ilen <= 0) {
+	  KLIPS_PRINT(debug_rcv,
+		      "klips_debug:ipsec_rcv: "
+		      "runt %s packet with no data, dropping.\n",
+		      (proto == IPPROTO_ESP ? "esp" : "ah"));
+	  if(irs->stats) {
+	    irs->stats->rx_dropped++;
+	  }
+	  return IPSEC_RCV_BADLEN;
+	}
+
 #ifdef CONFIG_IPSEC_ALG
 	if(irs->authfuncs || ixt_a) {
 #else
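Review bot: moving the runt check ahead of the authentication branch is the actual fix, since irs->ilen is now assigned for every packet including ESP with authlen == 0, but two points. First, `if(irs->ilen <= 0)` only rejects an empty payload: for ESP the decryptor also needs the SPI/sequence header, the IV, the two trailer bytes and a whole number of cipher blocks, so unless those minimums are validated in the ESP-specific path (not visible in this hunk) a payload of a few bytes still passes this check. Second, the moved block is indented with two spaces while the surrounding code uses tabs; reindent it to match the file.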
@@ -505,18 +522,6 @@
 #endif
 		unsigned char *authenticator = NULL;
 
-		irs->ilen = irs->len - iphlen - irs->authlen;
-		if(irs->ilen <= 0) {
-			KLIPS_PRINT(debug_rcv,
-				    "klips_debug:ipsec_rcv: "
-				    "runt %s packet with no data, dropping.\n",
-				    (proto == IPPROTO_ESP ? "esp" : "ah"));
-			if(irs->stats) {
-				irs->stats->rx_dropped++;
-			}
-			return IPSEC_RCV_BADLEN;
-		}
-
 		if(proto_funcs->rcv_setup_auth) {
 			enum ipsec_rcv_value retval
 			    = (*proto_funcs->rcv_setup_auth)(irs, skb,
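Review bot: deleting the length computation from inside `if(irs->authfuncs || ixt_a)` is the right change and also documents the root cause: with no authfuncs and no ixt_a this branch was skipped entirely, irs->ilen was never assigned, and whatever it held was used for decryption, which is consistent with the negative length reaching 3des_decrypt described in the report. Please confirm that the condition under the `#else` (non-CONFIG_IPSEC_ALG) branch, whose line is not part of this hunk, tests the same authfuncs field so that build gets identical behaviour.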
@@ -1460,6 +1465,9 @@
 
 /*
  * $Log: ipsec_rcv.c,v $
+ * Revision 1.143  2004/05/10 22:27:00  mcr
+ * 	fix for ESP-3DES-noauth test case.
+ *
  * Revision 1.142  2004/05/10 22:25:57  mcr
  * 	reformat of calls to ipsec_lifetime_check().
  *
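Review bot: the new log entry only says "fix for ESP-3DES-noauth test case"; record the cause (irs->ilen was computed only inside the authentication branch, so ESP without an authenticator passed an unset length to the decryptor) and the test case name (east-spi-01/west-spi-01) so the history explains the kernel crash this revision fixes.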

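The length condition behind the crash described above, modelled as a stand-alone check. This is an added example in C, not code from the Openswan patch or the KLIPS source: the function names, the constants and the constructed packet sizes are assumptions, and the second function adds CBC-specific minimums (header, IV, trailer, block multiple) that go beyond the `ilen <= 0` test in the patch.

```c
/*
 * Added example (not from the Openswan patch): a stand-alone model of the
 * receive-side length check that revision 1.143 moves in front of the
 * authentication branch, plus a stricter ESP-CBC check. Names, constants
 * and the sample packets below are assumptions for illustration.
 */
#include <stdio.h>

#define ESP_HDR_LEN   8   /* SPI (4) + sequence number (4) */
#define ESP_TRAILER   2   /* pad length + next header */
#define DES3_BLOCK    8   /* 3DES-CBC block size */
#define DES3_IV_LEN   8   /* 3DES-CBC IV is one block */

enum rcv_result { RCV_OK = 0, RCV_BADLEN = -1 };

/*
 * Same arithmetic as the patch: inner length = packet length minus IP
 * header minus authenticator. It runs for EVERY packet, including
 * authlen == 0 (ESP without authentication), before anything that depends
 * on it, and rejects a runt instead of handing a zero or negative length on.
 * Returns the inner length, or RCV_BADLEN.
 */
int esp_inner_len(int pkt_len, int iphlen, int authlen)
{
    int ilen = pkt_len - iphlen - authlen;
    if (ilen <= 0)
        return RCV_BADLEN;   /* "runt ... packet with no data, dropping" */
    return ilen;
}

/*
 * Assumed stricter check (not in the patch): after the ESP header and IV,
 * what remains must hold at least the trailer and be a whole number of
 * cipher blocks, otherwise the block cipher would see a negative, zero or
 * partial-block length. Returns the ciphertext length, or RCV_BADLEN.
 */
int esp_cbc_ciphertext_len(int ilen, int ivlen, int blocksize)
{
    int clen;
    if (ilen == RCV_BADLEN)
        return RCV_BADLEN;
    clen = ilen - ESP_HDR_LEN - ivlen;
    if (clen < ESP_TRAILER || clen % blocksize != 0)
        return RCV_BADLEN;
    return clen;
}

int main(void)
{
    /* Constructed packets: total IP length, IP header length, authlen. */
    struct { int len, iphlen, authlen; const char *what; } pkts[] = {
        { 20, 20,  0, "ESP no-auth, IP header only (the runt case)" },
        { 28, 20,  0, "ESP no-auth, SPI/seq but no IV or trailer" },
        { 60, 20,  0, "ESP no-auth, IV plus 3 blocks of ciphertext" },
        { 72, 20, 12, "ESP + 96-bit HMAC, IV plus 3 blocks" },
    };
    size_t i;

    for (i = 0; i < sizeof pkts / sizeof pkts[0]; i++) {
        int ilen = esp_inner_len(pkts[i].len, pkts[i].iphlen, pkts[i].authlen);
        int clen = esp_cbc_ciphertext_len(ilen, DES3_IV_LEN, DES3_BLOCK);
        printf("%-46s ilen=%3d clen=%3d -> %s\n", pkts[i].what, ilen, clen,
               clen == RCV_BADLEN ? "drop" : "decrypt");
    }
    return 0;
}
```

The first function reproduces the fix's ordering: the length is derived and checked before the code asks whether an authenticator is present, so a no-auth SA can no longer reach the decryptor with an unset or negative length. The second function shows why `<= 0` alone is not the whole story for ESP-CBC: a 28-byte packet passes the runt test with `ilen = 8` yet contains nothing to decrypt.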
