diff options
author | Francesco Colista <fcolista@alpinelinux.org> | 2017-05-25 13:28:56 +0000 |
---|---|---|
committer | Francesco Colista <fcolista@alpinelinux.org> | 2017-05-25 14:03:12 +0000 |
commit | 96deb4b1308544a05fef48ef2b2dcc9f868958b1 (patch) | |
tree | 9c3e57d596b6a35422e273eef37879e819da527d | |
parent | 05a62bda8ec255d7049a2bd4cf0fdc4b32bdb2cc (diff) | |
download | aports-96deb4b1308544a05fef48ef2b2dcc9f868958b1.tar.bz2 aports-96deb4b1308544a05fef48ef2b2dcc9f868958b1.tar.xz |
main/libtasn1: security fix for CVE-2017-6891. Fixes #7327
-rw-r--r-- | main/libtasn1/APKBUILD | 14 | ||||
-rw-r--r-- | main/libtasn1/CVE-2017-6891.patch | 43 |
2 files changed, 52 insertions, 5 deletions
diff --git a/main/libtasn1/APKBUILD b/main/libtasn1/APKBUILD index 847342cfc7..a94619b8da 100644 --- a/main/libtasn1/APKBUILD +++ b/main/libtasn1/APKBUILD @@ -2,16 +2,21 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libtasn1 pkgver=4.10 -pkgrel=0 +pkgrel=1 pkgdesc="The ASN.1 library used in GNUTLS" url="http://www.gnu.org/software/gnutls/" arch="all" license="GPL3 LGPL" makedepends="texinfo" subpackages="$pkgname-dev $pkgname-doc" -source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz" +source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz + CVE-2017-6891.patch" builddir="$srcdir/$pkgname-$pkgver" +# secfixes: +# 4.10-r1: +# - CVE-2017-6891 + build() { cd "$builddir" CFLAGS="-Wno-error=inline" ./configure \ @@ -30,6 +35,5 @@ package() { make DESTDIR="$pkgdir" install || return 1 } -md5sums="f4faffdf63969d0e4e6df43b9679e8e5 libtasn1-4.10.tar.gz" -sha256sums="681a4d9a0d259f2125713f2e5766c5809f151b3a1392fd91390f780b4b8f5a02 libtasn1-4.10.tar.gz" -sha512sums="614e93128e6be8f46a2ad46e2a515e2edfb1f5a2e90c9e5da02d3afc0a882dc956632dd2b1eddd6b0e258e7b58a82d5d745d8ccd23120d94bb0af48132ed1a18 libtasn1-4.10.tar.gz" +sha512sums="614e93128e6be8f46a2ad46e2a515e2edfb1f5a2e90c9e5da02d3afc0a882dc956632dd2b1eddd6b0e258e7b58a82d5d745d8ccd23120d94bb0af48132ed1a18 libtasn1-4.10.tar.gz +82972045d29afe8b4a4e240ae45e6417de46f1057ba48026ba5ed5679054dbc469194a34ede9007925bf7bfbc91c93f31aafc1dcdac8ffc4d8c0798e08c7f880 CVE-2017-6891.patch" diff --git a/main/libtasn1/CVE-2017-6891.patch b/main/libtasn1/CVE-2017-6891.patch new file mode 100644 index 0000000000..320068b6de --- /dev/null +++ b/main/libtasn1/CVE-2017-6891.patch @@ -0,0 +1,43 @@ +From 5520704d075802df25ce4ffccc010ba1641bd484 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Thu, 18 May 2017 18:03:34 +0200 +Subject: [PATCH] asn1_find_node: added safety check on asn1_find_node() + +This prevents a stack overflow in asn1_find_node() which +is triggered by too long variable names in the definitions +files. That means that applications have to deliberately +pass a too long 'name' constant to asn1_write_value() +and friends. Reported by Jakub Jirasek. + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/parser_aux.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/lib/parser_aux.c b/lib/parser_aux.c +index b4a7370..976ab38 100644 +--- a/lib/parser_aux.c ++++ b/lib/parser_aux.c +@@ -120,6 +120,9 @@ asn1_find_node (asn1_node pointer, const char *name) + if (n_end) + { + nsize = n_end - n_start; ++ if (nsize >= sizeof(n)) ++ return NULL; ++ + memcpy (n, n_start, nsize); + n[nsize] = 0; + n_start = n_end; +@@ -158,6 +161,9 @@ asn1_find_node (asn1_node pointer, const char *name) + if (n_end) + { + nsize = n_end - n_start; ++ if (nsize >= sizeof(n)) ++ return NULL; ++ + memcpy (n, n_start, nsize); + n[nsize] = 0; + n_start = n_end; +-- +1.9.1 + |