Re: L2TP/IPSec on Mac OSX stop working after openswan upgrade [with patches]
On Tue, 29 Apr 2014, Liu DongMiao wrote:
> After checking the patch, I found the it's CVE-2013-6466.patch, it
> removes the compatible code for mac os x and ios, which use a bad
> draft. Now, I have fixed this, and test on mac os x and ios. However,
> I didn't test on other platform, such as linux, windows.
Did you test to make sure you did not reintroduce CVE-2013-6466? While your
patch is simple, the patch that fixed CVE-2013-6466 is not and touched a lot
of code. It was not immediately obvious -- at least to me -- that
reenabling the compatibiliy code will still work well after the changes done
to fix CVE-2013-6466.
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot