author | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-03-06 07:26:43 +0100 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-07-06 20:19:39 +0200 |
commit | 13e4abbce92f9b7630563a0b7f9d8be6db3919c9 (patch) | |
tree | aee692962e07fd1e47006afe385085d4ef5c7679 /meta/recipes-connectivity/openssl/openssl/0005-nedded-for-CVE-2014-8275.patch | |
parent | 72bec03e72908b002355a3dba39c9b9caec2b473 (diff) | |
openssl: multiple CVEs fixes
This patch addresses the following CVEs:
CVE-2014-3569
CVE-2015-0204
CVE-2015-0205
CVE-2014-8275
CVE-2014-3571
CVE-2014-3570
Two additional patches (0004 & 0005), which were needed for CVE-2014-8275,
have been backported from the 1.0.1 stable (OpenSSL_1_0_1-stable) branch.
Reference
https://www.openssl.org/news/secadv_20150108.txt
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/0005-nedded-for-CVE-2014-8275.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/0005-nedded-for-CVE-2014-8275.patch | 66 |
1 files changed, 66 insertions, 0 deletions
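--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0005-nedded-for-CVE-2014-8275.patch
@@ -0,0 +1,66 @@
+From 5a1e8c67a90aead86ccc2dda324e8f897d1a044d Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <kurt@roeckx.be>
+Date: Mon, 15 Dec 2014 17:15:16 +0100
+Subject: [PATCH] Return error when a bit string indicates an invalid amount of
+bits left
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+crypto/asn1/a_bitstr.c | 7 ++++++-
+crypto/asn1/asn1.h | 1 +
+crypto/asn1/asn1_err.c | 1 +
+3 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
+index 0cb899f..4ca4a56 100644
+--- a/crypto/asn1/a_bitstr.c
++++ b/crypto/asn1/a_bitstr.c
+@@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+
+p= *pp;
+i= *(p++);
++ if (i > 7)
++ {
++ i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
++ goto err;
++ }
+/* We do this to preserve the settings. If we modify
+* the settings, via the _set_bit function, we will recalculate
+* on output */
+ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
+- ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
++ ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */
+
+if (len-- > 1) /* using one because of the bits left byte */
+{
+diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
+index ed1a28a..37adcb3 100644
+--- a/crypto/asn1/asn1.h
++++ b/crypto/asn1/asn1.h
+@@ -1350,6 +1350,7 @@ void ERR_load_ASN1_strings(void);
+#define ASN1_R_ILLEGAL_TIME_VALUE 184
+#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
+#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
++#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
+#define ASN1_R_INVALID_BMPSTRING_LENGTH 129
+#define ASN1_R_INVALID_DIGIT 130
+#define ASN1_R_INVALID_MIME_TYPE 205
+diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
+index 0217049..6eb47f7 100644
+--- a/crypto/asn1/asn1_err.c
++++ b/crypto/asn1/asn1_err.c
+@@ -249,6 +249,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
+{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"},
+{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
+{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
++{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
+{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
+{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
+{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
+--
+1.9.1
+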
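Review bot: The patch header never says why this change is a prerequisite for CVE-2014-8275, and the file name misspells "needed" (`0005-nedded-for-CVE-2014-8275.patch`), so anyone auditing the recipe's CVE coverage has to find the poky commit message to learn the link. I would add a line under `Upstream-Status: Backport` such as `Prerequisite for the CVE-2014-8275 fix; backported from OpenSSL_1_0_1-stable`, and rename the file to `0005-needed-for-CVE-2014-8275.patch` together with its recipe entry, which is not on this page. On the code, the `i > 7` check in `c2i_ASN1_BIT_STRING` rejects an out-of-range bits-left octet before it is OR-ed into `ret->flags`, which is what allows the `&0x07` mask to be dropped. The function's earlier length check and its `err:` path lie outside the hunk, so it cannot be confirmed from here that `*(p++)` is only read when `len >= 1` or that `ret` is released on the new error path.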