diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-02-28 08:15:16 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-02-28 09:37:48 +0000 |
commit | b844828751639ed6678a815bc7b40b9508ee8e0b (patch) | |
tree | 26ca2e9d66eb43437f24635dab22ad38c96e1c22 | |
parent | 6e2ae39b5d0e697b956f42282f5cb9e6ecfb2e29 (diff) | |
download | aports-b844828751639ed6678a815bc7b40b9508ee8e0b.tar.bz2 aports-b844828751639ed6678a815bc7b40b9508ee8e0b.tar.xz |
main/libtasn1: security fix (CVE-2018-6003)
Fixes #8530
-rw-r--r-- | main/libtasn1/APKBUILD | 16 | ||||
-rw-r--r-- | main/libtasn1/CVE-2018-6003.patch | 64 |
2 files changed, 78 insertions, 2 deletions
diff --git a/main/libtasn1/APKBUILD b/main/libtasn1/APKBUILD index 8f49578d9f..ff8c767545 100644 --- a/main/libtasn1/APKBUILD +++ b/main/libtasn1/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libtasn1 pkgver=4.8 -pkgrel=2 +pkgrel=3 pkgdesc="The ASN.1 library used in GNUTLS" url="http://www.gnu.org/software/gnutls/" arch="all" @@ -10,6 +10,7 @@ subpackages="$pkgname-dev $pkgname-doc" source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz CVE-2017-6891.patch CVE-2017-10790.patch + CVE-2018-6003.patch " _builddir="$srcdir"/$pkgname-$pkgver @@ -18,6 +19,8 @@ _builddir="$srcdir"/$pkgname-$pkgver # - CVE-2017-6891 # 4.8-r2: # - CVE-2017-10790 +# 4.8-r3: +# - CVE-2018-6003 build() { cd "$_builddir" @@ -33,6 +36,15 @@ package() { cd "$_builddir" make DESTDIR="$pkgdir" install || return 1 } +md5sums="9a6767705725544f2b86670dcfb34107 libtasn1-4.8.tar.gz +a67751e9c1718070608a89f7a1e38919 CVE-2017-6891.patch +20e2f194a8a43c790aa1ffea06104523 CVE-2017-10790.patch +54ad4f5b2da1943a841c05f257ef403b CVE-2018-6003.patch" +sha256sums="fa802fc94d79baa00e7397cedf29eb6827d4bd8b4dd77b577373577c93a8c513 libtasn1-4.8.tar.gz +53c09333c6995e2b7d7068b350b8847caa720f1c2cb8f9a1477dfe8316371900 CVE-2017-6891.patch +f1dc9ff3f7e660633a2cc3e60f4198aafc46f479662176cf160ca7fb5503bcec CVE-2017-10790.patch +843c51bd9f430e7f33701fad2d6d77536e916d7e33b37173fe19099219f06686 CVE-2018-6003.patch" sha512sums="22a0d1b2fc57efd18aa23ea720f915ec0c31bd2f60653181b0537d3d7c3c3262cef3a76e3be03fdb7d7cd5a6b4156a1033b156e56717bfa37a32f176692319f3 libtasn1-4.8.tar.gz 82972045d29afe8b4a4e240ae45e6417de46f1057ba48026ba5ed5679054dbc469194a34ede9007925bf7bfbc91c93f31aafc1dcdac8ffc4d8c0798e08c7f880 CVE-2017-6891.patch -8e9dad0a1ee7cb7a8ed3d2a60c1c1bcb3e1ef689dbd2879992d4098f36edbae3bb962b9c87a0a9a77335e83abf10fd72bd78bde99989421c35f4434a9e1d08cc CVE-2017-10790.patch" +8e9dad0a1ee7cb7a8ed3d2a60c1c1bcb3e1ef689dbd2879992d4098f36edbae3bb962b9c87a0a9a77335e83abf10fd72bd78bde99989421c35f4434a9e1d08cc CVE-2017-10790.patch +ab35a4aa314d02b1e7e93b1e5ae04138583274c6774447566e48dd03cf92db2c78760901da6a325b630b2525811c450e8ba180b4a4c188ae48cbaf94fc4c7d3d CVE-2018-6003.patch" diff --git a/main/libtasn1/CVE-2018-6003.patch b/main/libtasn1/CVE-2018-6003.patch new file mode 100644 index 0000000000..d7b48b412a --- /dev/null +++ b/main/libtasn1/CVE-2018-6003.patch @@ -0,0 +1,64 @@ +From c593ae84cfcde8fea45787e53950e0ac71e9ca97 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Thu, 4 Jan 2018 10:52:05 +0100 +Subject: [PATCH] _asn1_decode_simple_ber: restrict the levels of recursion to 3 + +On indefinite string decoding, setting a maximum level of recursions +protects the BER decoder from a stack exhaustion due to large amounts +of recursion. + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/decoding.c | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/lib/decoding.c b/lib/decoding.c +index 2240b09..0ee35d3 100644 +--- a/lib/decoding.c ++++ b/lib/decoding.c +@@ -45,6 +45,13 @@ + + #define DECODE_FLAG_HAVE_TAG 1 + #define DECODE_FLAG_INDEFINITE (1<<1) ++/* On indefinite string decoding, allow this maximum levels ++ * of recursion. Allowing infinite recursion, makes the BER ++ * decoder susceptible to stack exhaustion due to that recursion. ++ */ ++#define DECODE_FLAG_LEVEL1 (1<<2) ++#define DECODE_FLAG_LEVEL2 (1<<3) ++#define DECODE_FLAG_LEVEL3 (1<<4) + + #define DECR_LEN(l, s) do { \ + l -= s; \ +@@ -2216,7 +2223,8 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, + } + + /* indefinite constructed */ +- if (((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) ++ if ((((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) && ++ !(dflags & DECODE_FLAG_LEVEL3)) + { + len_len = 1; + +@@ -2236,8 +2244,17 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, + do + { + unsigned tmp_len; ++ unsigned flags = DECODE_FLAG_HAVE_TAG; ++ ++ if (dflags & DECODE_FLAG_LEVEL1) ++ flags |= DECODE_FLAG_LEVEL2; ++ else if (dflags & DECODE_FLAG_LEVEL2) ++ flags |= DECODE_FLAG_LEVEL3; ++ else ++ flags |= DECODE_FLAG_LEVEL1; + +- result = asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len); ++ result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len, ++ flags); + if (result != ASN1_SUCCESS) + { + warn(); +-- +libgit2 0.26.0 + |