diff options
| -rw-r--r-- | main/libtasn1/APKBUILD | 8 | ||||
| -rw-r--r-- | main/libtasn1/CVE-2017-10790.patch | 55 |
2 files changed, 61 insertions, 2 deletions
diff --git a/main/libtasn1/APKBUILD b/main/libtasn1/APKBUILD index e9a3639994..fe331b1f23 100644 --- a/main/libtasn1/APKBUILD +++ b/main/libtasn1/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libtasn1 pkgver=4.7 -pkgrel=2 +pkgrel=3 pkgdesc="The ASN.1 library used in GNUTLS" url="http://www.gnu.org/software/gnutls/" arch="all" @@ -12,6 +12,7 @@ install= source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz CVE-2016-4008.patch CVE-2017-6891.patch + CVE-2017-10790.patch " _builddir="$srcdir"/$pkgname-$pkgver @@ -19,6 +20,8 @@ _builddir="$srcdir"/$pkgname-$pkgver # secfixes: # 4.7-r2: # - CVE-2017-6891 +# 4.7-r3: +# - CVE-2017-10790 prepare() { local i @@ -47,4 +50,5 @@ package() { } sha512sums="9e93264bfad250d88c528550db4731d07c5c1b2ec319b892e9b536dc3d46b2a4166241ebf3470127c4f662067b7dabaa407ce1f16bdf05ee31495881eefe5572 libtasn1-4.7.tar.gz 0c2b639df74ea9ff386a429f499d5e4764efeed4686c8ec28bd18d75c07eba84bfe21b5780d2115aebefe6a54ffe87cc5fac28b82b00bc2f5a47c090d3bd8fd7 CVE-2016-4008.patch -82972045d29afe8b4a4e240ae45e6417de46f1057ba48026ba5ed5679054dbc469194a34ede9007925bf7bfbc91c93f31aafc1dcdac8ffc4d8c0798e08c7f880 CVE-2017-6891.patch" +82972045d29afe8b4a4e240ae45e6417de46f1057ba48026ba5ed5679054dbc469194a34ede9007925bf7bfbc91c93f31aafc1dcdac8ffc4d8c0798e08c7f880 CVE-2017-6891.patch +8e9dad0a1ee7cb7a8ed3d2a60c1c1bcb3e1ef689dbd2879992d4098f36edbae3bb962b9c87a0a9a77335e83abf10fd72bd78bde99989421c35f4434a9e1d08cc CVE-2017-10790.patch" diff --git a/main/libtasn1/CVE-2017-10790.patch b/main/libtasn1/CVE-2017-10790.patch new file mode 100644 index 0000000000..eb752c20a9 --- /dev/null +++ b/main/libtasn1/CVE-2017-10790.patch @@ -0,0 +1,55 @@ +From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Thu, 22 Jun 2017 16:31:37 +0200 +Subject: [PATCH] _asn1_check_identifier: safer access to values read + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/parser_aux.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/lib/parser_aux.c b/lib/parser_aux.c +index 976ab38..786ea64 100644 +--- a/lib/parser_aux.c ++++ b/lib/parser_aux.c +@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) + if (p2 == NULL) + { + if (p->value) +- _asn1_strcpy (_asn1_identifierMissing, p->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); + else + _asn1_strcpy (_asn1_identifierMissing, "(null)"); + return ASN1_IDENTIFIER_NOT_FOUND; +@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) + if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) + { + _asn1_str_cpy (name2, sizeof (name2), node->name); +- _asn1_str_cat (name2, sizeof (name2), "."); +- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ if (p2->value) ++ { ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ } ++ else ++ _asn1_strcpy (_asn1_identifierMissing, "(null)"); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || + !(p2->type & CONST_ASSIGN)) +@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) + _asn1_str_cpy (name2, sizeof (name2), node->name); + _asn1_str_cat (name2, sizeof (name2), "."); + _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) + || !(p2->type & CONST_ASSIGN)) +-- +1.9.1 + |