libtasn1: CVE-2015-3622

_asn1_extract_der_octet: prevent past of boundary access References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch; h=f979435823a02f842c41d49cd41cc81f25b5d677 (From OE-Core rev: 61bee3f813127c91d75a2af5197bdc874483a1fd) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2015-09-14 12:04:32 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-01-30 12:03:13 +0000
commit: 8cf47f82b945c6940461da9d3358fca0a454d7bf (patch)
tree: 85f9393adb59096d24ac12b2074bb06b90ba953f
parent: 8ef55cc0da13c96349f665987f2bcf9e64eebf8a (diff)
download: poky-8cf47f82b945c6940461da9d3358fca0a454d7bf.tar.gz
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
new file mode 100644
index 0000000000..0989ef6a21
--- /dev/null
+++ b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
@@ -0,0 +1,44 @@
+From f979435823a02f842c41d49cd41cc81f25b5d677 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 20 Apr 2015 14:56:27 +0200
+Subject: [PATCH] _asn1_extract_der_octet: prevent past of boundary access
+Fixes CVE-2015-3622.
+Upstream-Status: Backport
+Reported by Hanno Böck.
+---
+ lib/decoding.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+diff --git a/lib/decoding.c b/lib/decoding.c
+index 7fbd931..42ddc6b 100644
+--- a/lib/decoding.c
+++ b/lib/decoding.c
+@@ -732,6 +732,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
+     return ASN1_DER_ERROR;
+ 
+   counter = len3 + 1;
+  DECR_LEN(der_len, len3);
+ 
+   if (len2 == -1)
+     counter_end = der_len - 2;
+@@ -740,6 +741,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
+ 
+   while (counter < counter_end)
+     {
+      DECR_LEN(der_len, 1);
+       len2 = asn1_get_length_der (der + counter, der_len, &len3);
+ 
+       if (IS_ERR(len2, flags))
+@@ -764,7 +766,6 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
+          len2 = 0;
+        }
+ 
+-      DECR_LEN(der_len, 1);
+       counter += len2 + len3 + 1;
+     }
+ 
+-- 
+1.7.2.5
diff --git a/meta/recipes-support/gnutls/libtasn1_4.0.bb b/meta/recipes-support/gnutls/libtasn1_4.0.bb
index 289833ec80..16cf4d6812 100644
--- a/meta/recipes-support/gnutls/libtasn1_4.0.bb
+++ b/meta/recipes-support/gnutls/libtasn1_4.0.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
 SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
           file://libtasn1_fix_for_automake_1.12.patch \
           file://dont-depend-on-help2man.patch \
+           file://libtasn1-CVE-2015-3622.patch \
           "
 SRC_URI[md5sum] = "d3d2d9bce3b6668b9827a9df52635be1"
author	Sona Sarmadi <sona.sarmadi@enea.com>	2015-09-14 12:04:32 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-30 12:03:13 +0000
commit	8cf47f82b945c6940461da9d3358fca0a454d7bf (patch)
tree	85f9393adb59096d24ac12b2074bb06b90ba953f
parent	8ef55cc0da13c96349f665987f2bcf9e64eebf8a (diff)
download	poky-8cf47f82b945c6940461da9d3358fca0a454d7bf.tar.gz

diff --git a/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch new file mode 100644 index 0000000000..0989ef6a21 --- /dev/null +++ b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
@@ -0,0 +1,44 @@
		1	From f979435823a02f842c41d49cd41cc81f25b5d677 Mon Sep 17 00:00:00 2001
		2	From: Nikos Mavrogiannopoulos <nmav@redhat.com>
		3	Date: Mon, 20 Apr 2015 14:56:27 +0200
		4	Subject: [PATCH] _asn1_extract_der_octet: prevent past of boundary access
		5
		6	Fixes CVE-2015-3622.
		7	Upstream-Status: Backport
		8
		9	Reported by Hanno Böck.
		10	---
		11	lib/decoding.c \| 3 ++-
		12	1 files changed, 2 insertions(+), 1 deletions(-)
		13
		14	diff --git a/lib/decoding.c b/lib/decoding.c
		15	index 7fbd931..42ddc6b 100644
		16	--- a/lib/decoding.c
		17	+++ b/lib/decoding.c
		18	@@ -732,6 +732,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
		19	return ASN1_DER_ERROR;
		20
		21	counter = len3 + 1;
		22	+ DECR_LEN(der_len, len3);
		23
		24	if (len2 == -1)
		25	counter_end = der_len - 2;
		26	@@ -740,6 +741,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
		27
		28	while (counter < counter_end)
		29	{
		30	+ DECR_LEN(der_len, 1);
		31	len2 = asn1_get_length_der (der + counter, der_len, &len3);
		32
		33	if (IS_ERR(len2, flags))
		34	@@ -764,7 +766,6 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
		35	len2 = 0;
		36	}
		37
		38	- DECR_LEN(der_len, 1);
		39	counter += len2 + len3 + 1;
		40	}
		41
		42	--
		43	1.7.2.5
		44


diff --git a/meta/recipes-support/gnutls/libtasn1_4.0.bb b/meta/recipes-support/gnutls/libtasn1_4.0.bb index 289833ec80..16cf4d6812 100644 --- a/meta/recipes-support/gnutls/libtasn1_4.0.bb +++ b/meta/recipes-support/gnutls/libtasn1_4.0.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
11	SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \	11	SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
12	file://libtasn1_fix_for_automake_1.12.patch \	12	file://libtasn1_fix_for_automake_1.12.patch \
13	file://dont-depend-on-help2man.patch \	13	file://dont-depend-on-help2man.patch \
		14	file://libtasn1-CVE-2015-3622.patch \
14	"	15	"
15		16
16	SRC_URI[md5sum] = "d3d2d9bce3b6668b9827a9df52635be1"	17	SRC_URI[md5sum] = "d3d2d9bce3b6668b9827a9df52635be1"