From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49187) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1da5V1-0006Un-Kf for guix-patches@gnu.org; Tue, 25 Jul 2017 15:28:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1da5Uw-0003Jv-Oo for guix-patches@gnu.org; Tue, 25 Jul 2017 15:28:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:53640) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1da5Uw-0003Jq-Kf for guix-patches@gnu.org; Tue, 25 Jul 2017 15:28:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1da5Uw-0006wp-Fc for guix-patches@gnu.org; Tue, 25 Jul 2017 15:28:02 -0400 Subject: [bug#27829] [PATCH] gnu: libtasn1: Fix CVE-2017-10790. Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:48909) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1da5Tk-0006Qv-HP for guix-patches@gnu.org; Tue, 25 Jul 2017 15:26:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1da5Tg-0002xJ-KU for guix-patches@gnu.org; Tue, 25 Jul 2017 15:26:48 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:49511) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1da5Tg-0002x4-GJ for guix-patches@gnu.org; Tue, 25 Jul 2017 15:26:44 -0400 Received: from jasmine.lan (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id B5388241D9 for ; Tue, 25 Jul 2017 15:26:43 -0400 (EDT) From: Leo Famulari Date: Tue, 25 Jul 2017 15:26:39 -0400 Message-Id: List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 27829@debbugs.gnu.org * gnu/packages/patches/libtasn1-CVE-2017-10790.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/tls.scm (libtasn1/fixed)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/libtasn1-CVE-2017-10790.patch | 63 ++++++++++++++++++++++ gnu/packages/tls.scm | 3 +- 3 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libtasn1-CVE-2017-10790.patch diff --git a/gnu/local.mk b/gnu/local.mk index f5255feff..f93929f9e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -773,6 +773,7 @@ dist_patch_DATA = \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtasn1-CVE-2017-6891.patch \ + %D%/packages/patches/libtasn1-CVE-2017-10790.patch \ %D%/packages/patches/libtheora-config-guess.patch \ %D%/packages/patches/libtiff-CVE-2016-10092.patch \ %D%/packages/patches/libtiff-CVE-2016-10093.patch \ diff --git a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch new file mode 100644 index 000000000..6cec0c803 --- /dev/null +++ b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch @@ -0,0 +1,63 @@ +Fix CVE-2017-10790: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790 + +Patch copied from upstream source repository: + +https://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=d8d805e1f2e6799bb2dff4871a8598dc83088a39 + +From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Thu, 22 Jun 2017 16:31:37 +0200 +Subject: [PATCH] _asn1_check_identifier: safer access to values read + +Signed-off-by: Nikos Mavrogiannopoulos +--- + lib/parser_aux.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/lib/parser_aux.c b/lib/parser_aux.c +index 976ab38..786ea64 100644 +--- a/lib/parser_aux.c ++++ b/lib/parser_aux.c +@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) + if (p2 == NULL) + { + if (p->value) +- _asn1_strcpy (_asn1_identifierMissing, p->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); + else + _asn1_strcpy (_asn1_identifierMissing, "(null)"); + return ASN1_IDENTIFIER_NOT_FOUND; +@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) + if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) + { + _asn1_str_cpy (name2, sizeof (name2), node->name); +- _asn1_str_cat (name2, sizeof (name2), "."); +- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ if (p2->value) ++ { ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ } ++ else ++ _asn1_strcpy (_asn1_identifierMissing, "(null)"); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || + !(p2->type & CONST_ASSIGN)) +@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) + _asn1_str_cpy (name2, sizeof (name2), node->name); + _asn1_str_cat (name2, sizeof (name2), "."); + _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) + || !(p2->type & CONST_ASSIGN)) +-- +2.13.3 + diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 0a81633aa..106cc48e7 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -81,7 +81,8 @@ specifications.") (origin (inherit (package-source libtasn1)) (patches - (search-patches "libtasn1-CVE-2017-6891.patch")))))) + (search-patches "libtasn1-CVE-2017-6891.patch" + "libtasn1-CVE-2017-10790.patch")))))) (define-public asn1c (package -- 2.13.3