diff options
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch new file mode 100644 index 0000000000..12486e1710 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch | |||
@@ -0,0 +1,137 @@ | |||
1 | From 6c7f9703e42bc5278d0a4a6f0a39d07d62123ea3 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daiki Ueno <dueno@redhat.com> | ||
3 | Date: Tue, 31 Mar 2020 06:58:48 +0200 | ||
4 | Subject: [PATCH 2/3] build: use valgrind client request to detect undefined | ||
5 | memory use | ||
6 | |||
7 | commit 50ad8778a81f9421effa4c5a3b457f98e559b178 from https://gitlab.com/gnutls/gnutls.git | ||
8 | |||
9 | This tightens the check introduced in | ||
10 | ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client | ||
11 | request to explicitly mark the "uninitialized but initialization is | ||
12 | needed before use" regions. With this patch and the | ||
13 | fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see | ||
14 | the following error when running dtls_hello_random_value under | ||
15 | valgrind: | ||
16 | |||
17 | $ valgrind ./dtls_hello_random_value | ||
18 | testing: default | ||
19 | ==520145== Conditional jump or move depends on uninitialised value(s) | ||
20 | ==520145== at 0x4025F5: hello_callback (dtls_hello_random_value.c:90) | ||
21 | ==520145== by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215) | ||
22 | ==520145== by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332) | ||
23 | ==520145== by 0x488FC7E: send_client_hello (handshake.c:2290) | ||
24 | ==520145== by 0x48902A1: handshake_client (handshake.c:2908) | ||
25 | ==520145== by 0x48902A1: gnutls_handshake (handshake.c:2740) | ||
26 | ==520145== by 0x402CB3: client (dtls_hello_random_value.c:153) | ||
27 | ==520145== by 0x402CB3: start (dtls_hello_random_value.c:317) | ||
28 | ==520145== by 0x402EFE: doit (dtls_hello_random_value.c:331) | ||
29 | ==520145== by 0x4023D4: main (utils.c:254) | ||
30 | ==520145== | ||
31 | |||
32 | Upstream-Status: Backport | ||
33 | |||
34 | Signed-off-by: Daiki Ueno <dueno@redhat.com> | ||
35 | Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
36 | --- | ||
37 | configure.ac | 2 ++ | ||
38 | lib/handshake.c | 15 +++++++++++++++ | ||
39 | lib/state.c | 21 ++++++++++++++++++--- | ||
40 | 3 files changed, 35 insertions(+), 3 deletions(-) | ||
41 | |||
42 | diff --git a/configure.ac b/configure.ac | ||
43 | index 172cf42..12da283 100644 | ||
44 | --- a/configure.ac | ||
45 | +++ b/configure.ac | ||
46 | @@ -233,6 +233,8 @@ AS_IF([test "$ac_cv_search___atomic_load_4" = "none required" || test "$ac_cv_se | ||
47 | dnl We use its presence to detect C11 threads | ||
48 | AC_CHECK_HEADERS([threads.h]) | ||
49 | |||
50 | +AC_CHECK_HEADERS([valgrind/memcheck.h]) | ||
51 | + | ||
52 | AC_ARG_ENABLE(padlock, | ||
53 | AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]), | ||
54 | use_padlock=$enableval) | ||
55 | diff --git a/lib/handshake.c b/lib/handshake.c | ||
56 | index 84a0e52..8d58fa4 100644 | ||
57 | --- a/lib/handshake.c | ||
58 | +++ b/lib/handshake.c | ||
59 | @@ -57,6 +57,9 @@ | ||
60 | #include "secrets.h" | ||
61 | #include "tls13/session_ticket.h" | ||
62 | #include "locks.h" | ||
63 | +#ifdef HAVE_VALGRIND_MEMCHECK_H | ||
64 | +#include <valgrind/memcheck.h> | ||
65 | +#endif | ||
66 | |||
67 | #define TRUE 1 | ||
68 | #define FALSE 0 | ||
69 | @@ -242,6 +245,12 @@ int _gnutls_gen_client_random(gnutls_session_t session) | ||
70 | return gnutls_assert_val(ret); | ||
71 | } | ||
72 | |||
73 | +#ifdef HAVE_VALGRIND_MEMCHECK_H | ||
74 | + if (RUNNING_ON_VALGRIND) | ||
75 | + VALGRIND_MAKE_MEM_DEFINED(session->security_parameters.client_random, | ||
76 | + GNUTLS_RANDOM_SIZE); | ||
77 | +#endif | ||
78 | + | ||
79 | return 0; | ||
80 | } | ||
81 | |||
82 | @@ -320,6 +329,12 @@ int _gnutls_gen_server_random(gnutls_session_t session, int version) | ||
83 | return ret; | ||
84 | } | ||
85 | |||
86 | +#ifdef HAVE_VALGRIND_MEMCHECK_H | ||
87 | + if (RUNNING_ON_VALGRIND) | ||
88 | + VALGRIND_MAKE_MEM_DEFINED(session->security_parameters.server_random, | ||
89 | + GNUTLS_RANDOM_SIZE); | ||
90 | +#endif | ||
91 | + | ||
92 | return 0; | ||
93 | } | ||
94 | |||
95 | diff --git a/lib/state.c b/lib/state.c | ||
96 | index 0e1d155..98900c1 100644 | ||
97 | --- a/lib/state.c | ||
98 | +++ b/lib/state.c | ||
99 | @@ -55,6 +55,9 @@ | ||
100 | #include "ext/cert_types.h" | ||
101 | #include "locks.h" | ||
102 | #include "kx.h" | ||
103 | +#ifdef HAVE_VALGRIND_MEMCHECK_H | ||
104 | +#include <valgrind/memcheck.h> | ||
105 | +#endif | ||
106 | |||
107 | /* to be used by supplemental data support to disable TLS1.3 | ||
108 | * when supplemental data have been globally registered */ | ||
109 | @@ -564,10 +567,22 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags) | ||
110 | UINT32_MAX; | ||
111 | } | ||
112 | |||
113 | - /* everything else not initialized here is initialized | ||
114 | - * as NULL or 0. This is why calloc is used. | ||
115 | + /* Everything else not initialized here is initialized as NULL | ||
116 | + * or 0. This is why calloc is used. However, we want to | ||
117 | + * ensure that certain portions of data are initialized at | ||
118 | + * runtime before being used. Mark such regions with a | ||
119 | + * valgrind client request as undefined. | ||
120 | */ | ||
121 | - | ||
122 | +#ifdef HAVE_VALGRIND_MEMCHECK_H | ||
123 | + if (RUNNING_ON_VALGRIND) { | ||
124 | + if (flags & GNUTLS_CLIENT) | ||
125 | + VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.client_random, | ||
126 | + GNUTLS_RANDOM_SIZE); | ||
127 | + if (flags & GNUTLS_SERVER) | ||
128 | + VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.server_random, | ||
129 | + GNUTLS_RANDOM_SIZE); | ||
130 | + } | ||
131 | +#endif | ||
132 | handshake_internal_state_clear1(*session); | ||
133 | |||
134 | #ifdef HAVE_WRITEV | ||
135 | -- | ||
136 | 2.17.1 | ||
137 | |||