diff options
| author | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-12-14 09:36:45 +0100 |
|---|---|---|
| committer | Mihaela Martinas <Mihaela.Martinas@enea.com> | 2015-12-14 13:57:13 +0100 |
| commit | 265f875c5aeb50e2cb443315ea3674a93d7024b5 (patch) | |
| tree | 6381aa1e0f80d87c6e95316ba4d34541553c41a9 /meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch | |
| parent | cdf91befc739cbeae281e7bd4a4ff0028e6e10c6 (diff) | |
| download | poky-265f875c5aeb50e2cb443315ea3674a93d7024b5.tar.gz | |
openssl: CVE-2015-3194, CVE-2015-3195
Fixes following vulnerabilities:
Certificate verify crash with missing PSS parameter (CVE-2015-3194)
X509_ATTRIBUTE memory leak (CVE-2015-3195)
References:
https://openssl.org/news/secadv/20151203.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch')
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch new file mode 100644 index 0000000000..3c00bc1d0d --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch | |||
| @@ -0,0 +1,35 @@ | |||
| 1 | Date: Fri, 2 Oct 2015 13:10:29 +0100 | ||
| 2 | Subject: [PATCH] Add PSS parameter check. | ||
| 3 | |||
| 4 | Avoid seg fault by checking mgf1 parameter is not NULL. This can be | ||
| 5 | triggered during certificate verification so could be a DoS attack | ||
| 6 | against a client or a server enabling client authentication. | ||
| 7 | |||
| 8 | Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug. | ||
| 9 | |||
| 10 | CVE-2015-3194 | ||
| 11 | |||
| 12 | Upstream-Status: Backport | ||
| 13 | |||
| 14 | Reviewed-by: Matt Caswell <matt@openssl.org> | ||
| 15 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
| 16 | --- | ||
| 17 | crypto/rsa/rsa_ameth.c | 2 +- | ||
| 18 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 19 | |||
| 20 | diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c | ||
| 21 | index 93e071d..c7f1148 100644 | ||
| 22 | --- a/crypto/rsa/rsa_ameth.c | ||
| 23 | +++ b/crypto/rsa/rsa_ameth.c | ||
| 24 | @@ -279,7 +279,7 @@ static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, | ||
| 25 | if (pss->maskGenAlgorithm) { | ||
| 26 | ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; | ||
| 27 | if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 | ||
| 28 | - && param->type == V_ASN1_SEQUENCE) { | ||
| 29 | + && param && param->type == V_ASN1_SEQUENCE) { | ||
| 30 | p = param->value.sequence->data; | ||
| 31 | plen = param->value.sequence->length; | ||
| 32 | *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen); | ||
| 33 | -- | ||
| 34 | 1.9.1 | ||
| 35 | |||