author | Leo <thinkabit.ukim@gmail.com> | 2019-07-23 12:43:11 -0300 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-07-23 20:55:23 +0200 |
commit | cea68283f6fb219e133352b64b4e2f39cc002604 (patch) | |
tree | 21f70f0f1bb7dd645ecf896a499b66594f63e5c1 /main | |
parent | 1d883b90c2617f701a473458f6bea95c5488513b (diff) | |
download | aports-cea68283f6fb219e133352b64b4e2f39cc002604.tar.bz2 aports-cea68283f6fb219e133352b64b4e2f39cc002604.tar.xz |
main/zeromq: fix CVE-2019-13132
fixes #10687
Diffstat (limited to 'main')
-rw-r--r-- | main/zeromq/APKBUILD | 8 | ||||
-rw-r--r-- | main/zeromq/CVE-2019-13132.patch | 110 |
2 files changed, 116 insertions, 2 deletions
diff --git a/main/zeromq/APKBUILD b/main/zeromq/APKBUILD
index 3cfe83e1df..3edd05f866 100644
--- a/main/zeromq/APKBUILD
+++ b/main/zeromq/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=zeromq
 pkgver=4.2.5
-pkgrel=0
+pkgrel=1
 pkgdesc="The ZeroMQ messaging library and tools"
 url="http://www.zeromq.org/"
 arch="all"
@@ -14,10 +14,13 @@ subpackages="$pkgname-dev $pkgname-doc libzmq:libs"
 source="https://github.com/zeromq/libzmq/releases/download/v$pkgver/$pkgname-$pkgver.tar.gz
 test-driver.patch
 CVE-2019-6250.patch
+ CVE-2019-13132.patch
 "
 builddir="$srcdir/$pkgname-$pkgver"
 # secfixes:
+# 4.2.5-r1:
+# - CVE-2019-13132
 # 4.2.5-r0:
 # - CVE-2019-6250
@@ -47,4 +50,5 @@ package() {
 sha512sums="4556cb50d05a6d133015a0ba804d6d951a47479a33fa29561eaeecb93d48b7bb6477365d0986c38b779f500cadaf08522c4a7aa13f5510303bd923f794d37036 zeromq-4.2.5.tar.gz
 64e4ae2c89469359480743beeb4f1e08976a4c52dbfd2dd33020463df78e927993319e456299682901001e0832ebed85291eea0decc1d27a58de78a6c891e660 test-driver.patch
-ee0c71814c93378106593afafd9bb96c15038c2455dcd57ac71a6c3474ebd4eee3f4cf9933ddc737bbe0fe25f8d7cb141517c933fec591c00b7d5563bf33894d CVE-2019-6250.patch"
+ee0c71814c93378106593afafd9bb96c15038c2455dcd57ac71a6c3474ebd4eee3f4cf9933ddc737bbe0fe25f8d7cb141517c933fec591c00b7d5563bf33894d CVE-2019-6250.patch
+e70db052cced7110ff0066c495a1230459710e31bb1f6afd6f01194ac024c625cf365413d81fccf1c4e1670f9ec6e5ed340fddf9e06a0b726ed79009db92c587 CVE-2019-13132.patch"
diff --git a/main/zeromq/CVE-2019-13132.patch b/main/zeromq/CVE-2019-13132.patch
new file mode 100644
index 0000000000..39c80d7996
--- /dev/null
+++ b/main/zeromq/CVE-2019-13132.patch
@@ -0,0 +1,110 @@
+From 4287cd2274ad48faa2b5346b6108f05b32ec20f2 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Tue, 2 Jul 2019 01:24:19 +0100
+Subject: [PATCH] Problem: application metadata not parsed correctly when using
+ CURVE
+
+Solution: create buffers large enough to contain arbitrary metadata
+---
+ src/curve_server.cpp | 35 ++++++++++++++++++++++++-----------
+ 1 file changed, 24 insertions(+), 11 deletions(-)
+
+diff --git a/src/curve_server.cpp b/src/curve_server.cpp
+index 6938a637..d3a710db 100644
+--- a/src/curve_server.cpp
++++ b/src/curve_server.cpp
+@@ -327,8 +327,12 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
+ const size_t clen = (size - 113) + crypto_box_BOXZEROBYTES;
+
+ uint8_t initiate_nonce[crypto_box_NONCEBYTES];
+- uint8_t initiate_plaintext[crypto_box_ZEROBYTES + 128 + 256];
+- uint8_t initiate_box[crypto_box_BOXZEROBYTES + 144 + 256];
++ uint8_t *initiate_plaintext =
++ static_cast<uint8_t *> (malloc (crypto_box_ZEROBYTES + clen));
++ alloc_assert (initiate_plaintext);
++ uint8_t *initiate_box =
++ static_cast<uint8_t *> (malloc (crypto_box_BOXZEROBYTES + clen));
++ alloc_assert (initiate_box);
+
+ // Open Box [C + vouch + metadata](C'->S')
+ memset (initiate_box, 0, crypto_box_BOXZEROBYTES);
+@@ -339,6 +343,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
+ memcpy (initiate_nonce + 16, initiate + 105, 8);
+ cn_peer_nonce = get_uint64 (initiate + 105);
+
++ const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
++
+ rc = crypto_box_open (initiate_plaintext, initiate_box, clen,
+ initiate_nonce, cn_client, cn_secret);
+ if (rc != 0) {
+@@ -346,11 +352,10 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
+ session->get_socket ()->event_handshake_failed_protocol (
+ session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_CRYPTOGRAPHIC);
+ errno = EPROTO;
+- return -1;
++ rc = -1;
++ goto exit;
+ }
+
+- const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
+-
+ uint8_t vouch_nonce[crypto_box_NONCEBYTES];
+ uint8_t vouch_plaintext[crypto_box_ZEROBYTES + 64];
+ uint8_t vouch_box[crypto_box_BOXZEROBYTES + 80];
+@@ -371,7 +376,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
+ session->get_socket ()->event_handshake_failed_protocol (
+ session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_CRYPTOGRAPHIC);
+ errno = EPROTO;
+- return -1;
++ rc = -1;
++ goto exit;
+ }
+
+ // What we decrypted must be the client's short-term public key
+@@ -383,7 +389,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
+ session->get_socket ()->event_handshake_failed_protocol (
+ session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_KEY_EXCHANGE);
+ errno = EPROTO;
+- return -1;
++ rc = -1;
++ goto exit;
+ }
+
+ // Precompute connection secret from client key
+@@ -405,7 +412,7 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
+ // is attempted)
+ rc = receive_and_process_zap_reply ();
+ if (rc == -1)
+- return -1;
++ goto exit;
+ } else if (!options.zap_enforce_domain) {
+ // This supports the Stonehouse pattern (encryption without
+ // authentication) in legacy mode (domain set but no handler).
+@@ -413,15 +420,21 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
+ } else {
+ session->get_socket ()->event_handshake_failed_no_detail (
+ session->get_endpoint (), EFAULT);
+- return -1;
++ rc = -1;
++ goto exit;
+ }
+ } else {
+ // This supports the Stonehouse pattern (encryption without authentication).
+ state = sending_ready;
+ }
+
+- return parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
+- clen - crypto_box_ZEROBYTES - 128);
++ rc = parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
++ clen - crypto_box_ZEROBYTES - 128);
++
++exit:
++ free (initiate_plaintext);
++ free (initiate_box);
++ return rc;
+ }
+
+ int zmq::curve_server_t::produce_ready (msg_t *msg_)
+--
+2.20.1
+ |
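Review bot: In the embedded libzmq patch, `initiate_plaintext` and `initiate_box` are now sized from `clen`, which is derived from the length of the peer's message, and both `malloc` calls run before `crypto_box_open` has authenticated the sender. Each is followed by `alloc_assert`, which in libzmq aborts the process when the pointer is null, so an allocation failure provoked by an unauthenticated peer would stop the whole server instead of failing one handshake; whether the message length is capped before this point is not visible in the hunk. I would fail the handshake instead, e.g. `if (!initiate_plaintext) { errno = ENOMEM; return -1; }` after the first `malloc`, and the same with `free (initiate_plaintext);` added after the second. The `goto exit` cleanup is also easy to bypass with a future early `return`, so a comment at the label such as `// every path after the two mallocs must leave through here` would help. `process_initiate` begins above the first inner hunk, so any existing length check on `size` is outside this view.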