diff options
| author | Yue Tao <Yue.Tao@windriver.com> | 2017-08-15 02:55:23 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-08-17 00:21:14 +0100 |
| commit | f36bdb503fbbf8b5dd6e5ef22b326e1511e25c83 (patch) | |
| tree | 36c2ce8778274e23cac6dc0b907df0463e88bdf2 /meta/recipes-support | |
| parent | 4776599ad23d65effc152b85966374addea7834c (diff) | |
| download | poky-f36bdb503fbbf8b5dd6e5ef22b326e1511e25c83.tar.gz | |
libtasn1: CVE-2017-10790
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes
a NULL pointer dereference and crash when reading crafted input that
triggers assignment of a NULL value within an asn1_node structure. It
may lead to a remote denial of service attack.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-10790
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;
h=d8d805e1f2e6799bb2dff4871a8598dc83088a39
(From OE-Core rev: 6176151625c971de031e14c97601ffd75a29772f)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
| -rw-r--r-- | meta/recipes-support/gnutls/libtasn1/CVE-2017-10790.patch | 63 | ||||
| -rw-r--r-- | meta/recipes-support/gnutls/libtasn1_4.12.bb | 1 |
2 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/libtasn1/CVE-2017-10790.patch b/meta/recipes-support/gnutls/libtasn1/CVE-2017-10790.patch new file mode 100644 index 0000000000..be843808a2 --- /dev/null +++ b/meta/recipes-support/gnutls/libtasn1/CVE-2017-10790.patch | |||
| @@ -0,0 +1,63 @@ | |||
| 1 | From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||
| 3 | Date: Thu, 22 Jun 2017 16:31:37 +0200 | ||
| 4 | Subject: [PATCH] _asn1_check_identifier: safer access to values read | ||
| 5 | |||
| 6 | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||
| 7 | |||
| 8 | http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=d8d805e1f2e6799bb2dff4871a8598dc83088a39 | ||
| 9 | Upstream-Status: Backport | ||
| 10 | |||
| 11 | CVE: CVE-2017-10790 | ||
| 12 | |||
| 13 | Signed-off-by: Yue Tao <Yue.Tao@windriver.com> | ||
| 14 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
| 15 | --- | ||
| 16 | lib/parser_aux.c | 17 ++++++++++++----- | ||
| 17 | 1 file changed, 12 insertions(+), 5 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/lib/parser_aux.c b/lib/parser_aux.c | ||
| 20 | index 976ab38..786ea64 100644 | ||
| 21 | --- a/lib/parser_aux.c | ||
| 22 | +++ b/lib/parser_aux.c | ||
| 23 | @@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) | ||
| 24 | if (p2 == NULL) | ||
| 25 | { | ||
| 26 | if (p->value) | ||
| 27 | - _asn1_strcpy (_asn1_identifierMissing, p->value); | ||
| 28 | + _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); | ||
| 29 | else | ||
| 30 | _asn1_strcpy (_asn1_identifierMissing, "(null)"); | ||
| 31 | return ASN1_IDENTIFIER_NOT_FOUND; | ||
| 32 | @@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) | ||
| 33 | if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) | ||
| 34 | { | ||
| 35 | _asn1_str_cpy (name2, sizeof (name2), node->name); | ||
| 36 | - _asn1_str_cat (name2, sizeof (name2), "."); | ||
| 37 | - _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); | ||
| 38 | - _asn1_strcpy (_asn1_identifierMissing, p2->value); | ||
| 39 | + if (p2->value) | ||
| 40 | + { | ||
| 41 | + _asn1_str_cat (name2, sizeof (name2), "."); | ||
| 42 | + _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); | ||
| 43 | + _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); | ||
| 44 | + } | ||
| 45 | + else | ||
| 46 | + _asn1_strcpy (_asn1_identifierMissing, "(null)"); | ||
| 47 | + | ||
| 48 | p2 = asn1_find_node (node, name2); | ||
| 49 | if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || | ||
| 50 | !(p2->type & CONST_ASSIGN)) | ||
| 51 | @@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) | ||
| 52 | _asn1_str_cpy (name2, sizeof (name2), node->name); | ||
| 53 | _asn1_str_cat (name2, sizeof (name2), "."); | ||
| 54 | _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); | ||
| 55 | - _asn1_strcpy (_asn1_identifierMissing, p2->value); | ||
| 56 | + _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); | ||
| 57 | + | ||
| 58 | p2 = asn1_find_node (node, name2); | ||
| 59 | if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) | ||
| 60 | || !(p2->type & CONST_ASSIGN)) | ||
| 61 | -- | ||
| 62 | 1.7.9.5 | ||
| 63 | |||
diff --git a/meta/recipes-support/gnutls/libtasn1_4.12.bb b/meta/recipes-support/gnutls/libtasn1_4.12.bb index cec1a9b156..7a7571ad3b 100644 --- a/meta/recipes-support/gnutls/libtasn1_4.12.bb +++ b/meta/recipes-support/gnutls/libtasn1_4.12.bb | |||
| @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ | |||
| 11 | SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ | 11 | SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ |
| 12 | file://dont-depend-on-help2man.patch \ | 12 | file://dont-depend-on-help2man.patch \ |
| 13 | file://0001-stdint.m4-reintroduce-GNULIB_OVERRIDES_WINT_T-check.patch \ | 13 | file://0001-stdint.m4-reintroduce-GNULIB_OVERRIDES_WINT_T-check.patch \ |
| 14 | file://CVE-2017-10790.patch \ | ||
| 14 | " | 15 | " |
| 15 | 16 | ||
| 16 | DEPENDS = "bison-native" | 17 | DEPENDS = "bison-native" |