From 4e2c0382dd6c024d5349318f9a18762b3814ef9a Mon Sep 17 00:00:00 2001
From: Eugene Grosbein <eugen@FreeBSD.org>
Date: Fri, 24 Nov 2023 15:03:00 +0700
Subject: [PATCH] security/strongswan: fix CVE-2023-41913

This is urgent change adding official patch
https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.9.7-5.9.11_charon_tkm_dh_len.patch
that is identical to the change made for strongswan-5.9.12:
https://github.com/strongswan/strongswan/commit/96d793718955820dfe5e6d8aa6127a34795ae39e

It is upto port maintainer to review and maybe upgrade the port to 5.9.12

Obtained from:	strongSwan
Security:	CVE-2023-41913
---
 security/strongswan/Makefile                  |  2 +-
 ...tl_charon-tkm_src_tkm_tkm_diffie_hellman.c | 42 +++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 security/strongswan/files/patch-src_swanctl_charon-tkm_src_tkm_tkm_diffie_hellman.c

diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile
index f6fe9d669352b..c7972b9ca9b69 100644
--- a/security/strongswan/Makefile
+++ b/security/strongswan/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	strongswan
 DISTVERSION=	5.9.11
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security net-vpn
 MASTER_SITES=	https://download.strongswan.org/ \
 		https://download2.strongswan.org/
diff --git a/security/strongswan/files/patch-src_swanctl_charon-tkm_src_tkm_tkm_diffie_hellman.c b/security/strongswan/files/patch-src_swanctl_charon-tkm_src_tkm_tkm_diffie_hellman.c
new file mode 100644
index 0000000000000..f70c024464271
--- /dev/null
+++ b/security/strongswan/files/patch-src_swanctl_charon-tkm_src_tkm_tkm_diffie_hellman.c
@@ -0,0 +1,42 @@
+From 027421cbd2e6e628f5f959c74d722afadc477485 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 11 Jul 2023 12:12:25 +0200
+Subject: [PATCH] charon-tkm: Validate DH public key to fix potential buffer
+ overflow
+
+Seems this was forgotten in the referenced commit and actually could lead
+to a buffer overflow.  Since charon-tkm is untrusted this isn't that
+much of an issue but could at least be easily exploited for a DoS attack
+as DH public values are set when handling IKE_SA_INIT requests.
+
+Fixes: 0356089d0f94 ("diffie-hellman: Verify public DH values in backends")
+Fixes: CVE-2023-41913
+---
+ src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+index 2b2d103d03e9..6999ad360d7e 100644
+--- src/charon-tkm/src/tkm/tkm_diffie_hellman.c
++++ src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+@@ -70,11 +70,16 @@ METHOD(key_exchange_t, get_shared_secret, bool,
+ 	return TRUE;
+ }
+ 
+-
+ METHOD(key_exchange_t, set_public_key, bool,
+ 	private_tkm_diffie_hellman_t *this, chunk_t value)
+ {
+ 	dh_pubvalue_type othervalue;
++
++	if (!key_exchange_verify_pubkey(this->group, value) ||
++		value.len > sizeof(othervalue.data))
++	{
++		return FALSE;
++	}
+ 	othervalue.size = value.len;
+ 	memcpy(&othervalue.data, value.ptr, value.len);
+ 
+-- 
+2.34.1
+