openssl: Security fix CVE-2016-6303

affects openssl < 1.0.1i (From OE-Core rev: bb812836c2c8d89da54d905b65487a9f1acd5f3c) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2016-09-23 23:14:36 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-09-27 09:05:57 +0100
commit: 5f97311702afa5b942f0c3f71cf74292b6eae365 (patch)
tree: 05d3541c745791cfb5d0b13c3e64eed94d4afa5c
parent: 7026b2b05a231040b1ee571637237c9a5de3aef1 (diff)
download: poky-5f97311702afa5b942f0c3f71cf74292b6eae365.tar.gz
2 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
new file mode 100644
index 0000000000..95bdec42f8
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
@@ -0,0 +1,36 @@
+From 1027ad4f34c30b8585592764b9a670ba36888269 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 19 Aug 2016 23:28:29 +0100
+Subject: [PATCH] Avoid overflow in MDC2_Update()
+Thanks to Shi Lei for reporting this issue.
+CVE-2016-6303
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07)
+Upstream-Status: Backport
+CVE: CVE-2016-6303
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ crypto/mdc2/mdc2dgst.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
+index 6615cf8..2dce493 100644
+--- a/crypto/mdc2/mdc2dgst.c
+++ b/crypto/mdc2/mdc2dgst.c
+@@ -91,7 +91,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
+ 
+     i = c->num;
+     if (i != 0) {
+-        if (i + len < MDC2_BLOCK) {
+        if (len < MDC2_BLOCK - i) {
+             /* partial block */
+             memcpy(&(c->data[i]), in, len);
+             c->num += (int)len;
+-- 
+2.7.4
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
index 8587f10a07..2e42e173a2 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
@@ -46,6 +46,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
            file://CVE-2016-2181_p3.patch \
            file://CVE-2016-2182.patch \
            file://CVE-2016-6302.patch \
+            file://CVE-2016-6303.patch \
           "
 SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
 SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
author	Armin Kuster <akuster@mvista.com>	2016-09-23 23:14:36 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-09-27 09:05:57 +0100
commit	5f97311702afa5b942f0c3f71cf74292b6eae365 (patch)
tree	05d3541c745791cfb5d0b13c3e64eed94d4afa5c
parent	7026b2b05a231040b1ee571637237c9a5de3aef1 (diff)
download	poky-5f97311702afa5b942f0c3f71cf74292b6eae365.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch new file mode 100644 index 0000000000..95bdec42f8 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
@@ -0,0 +1,36 @@
		1	From 1027ad4f34c30b8585592764b9a670ba36888269 Mon Sep 17 00:00:00 2001
		2	From: "Dr. Stephen Henson" <steve@openssl.org>
		3	Date: Fri, 19 Aug 2016 23:28:29 +0100
		4	Subject: [PATCH] Avoid overflow in MDC2_Update()
		5
		6	Thanks to Shi Lei for reporting this issue.
		7
		8	CVE-2016-6303
		9
		10	Reviewed-by: Matt Caswell <matt@openssl.org>
		11	(cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07)
		12
		13	Upstream-Status: Backport
		14	CVE: CVE-2016-6303
		15	Signed-off-by: Armin Kuster <akuster@mvista.com>
		16
		17	---
		18	crypto/mdc2/mdc2dgst.c \| 2 +-
		19	1 file changed, 1 insertion(+), 1 deletion(-)
		20
		21	diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
		22	index 6615cf8..2dce493 100644
		23	--- a/crypto/mdc2/mdc2dgst.c
		24	+++ b/crypto/mdc2/mdc2dgst.c
		25	@@ -91,7 +91,7 @@ int MDC2_Update(MDC2_CTX c, const unsigned char in, size_t len)
		26
		27	i = c->num;
		28	if (i != 0) {
		29	- if (i + len < MDC2_BLOCK) {
		30	+ if (len < MDC2_BLOCK - i) {
		31	/* partial block */
		32	memcpy(&(c->data[i]), in, len);
		33	c->num += (int)len;
		34	--
		35	2.7.4
		36


diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb index 8587f10a07..2e42e173a2 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
@@ -46,6 +46,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
46	file://CVE-2016-2181_p3.patch \	46	file://CVE-2016-2181_p3.patch \
47	file://CVE-2016-2182.patch \	47	file://CVE-2016-2182.patch \
48	file://CVE-2016-6302.patch \	48	file://CVE-2016-6302.patch \
		49	file://CVE-2016-6303.patch \
49	"	50	"
50	SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"	51	SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
51	SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"	52	SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"