Re: L2TP/IPSec on Mac OSX stop working after openswan upgrade [with patches]

To: Liu DongMiao <liudongmiao@gmail.com>
Cc: corsac@debian.org, debian-security@lists.debian.org
Subject: Re: L2TP/IPSec on Mac OSX stop working after openswan upgrade [with patches]
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu, 1 May 2014 12:23:37 -0300
Message-id: <[🔎] 20140501152337.GC2600@khazad-dum.debian.net>
In-reply-to: <CACTknu8_eM-bzzi5_x=qCQc7JSu=sLEgsSJMTNyCm+zRbvGcpw@mail.gmail.com>
References: <CACTknu8_eM-bzzi5_x=qCQc7JSu=sLEgsSJMTNyCm+zRbvGcpw@mail.gmail.com>

On Tue, 29 Apr 2014, Liu DongMiao wrote:
> After checking the patch, I found the it's CVE-2013-6466.patch, it
> removes the compatible code for mac os x and ios, which use a bad
> draft. Now, I have fixed this, and test on mac os x and ios. However,
> I didn't test on other platform, such as linux, windows.

Did you test to make sure you did not reintroduce CVE-2013-6466?  While your
patch is simple, the patch that fixed CVE-2013-6466 is not and touched a lot
of code.  It was not immediately obvious -- at least to me -- that
reenabling the compatibiliy code will still work well after the changes done
to fix CVE-2013-6466.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: L2TP/IPSec on Mac OSX stop working after openswan upgrade [with patches]
  - From: Liu DongMiao <liudongmiao@gmail.com>

Next by Date: Re: L2TP/IPSec on Mac OSX stop working after openswan upgrade [with patches]
Next by thread: Re: L2TP/IPSec on Mac OSX stop working after openswan upgrade [with patches]
Index(es):
- Date
- Thread