From 577f1b0b2fba641106959758cd59250ea38d0a64 Mon Sep 17 00:00:00 2001
From: haiqing
Date: Mon, 15 Jun 2020 16:15:24 +0800
Subject: gnutls: fixed CVE-2020-13777 GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket Backport the patch from upstream: https://gitlab.com/gnutls/gnutls.git commit c2646aeee94e71cb15c90a3147cf3b5b0ca158ca commit 50ad8778a81f9421effa4c5a3b457f98e559b178 commit 3d7fae761e65e9d0f16d7247ee8a464d4fe002da (From OE-Core rev: 86870cd2ff3555161ea5bb434740338ec20495a0)
Signed-off-by: Haiqing Bai
Signed-off-by: Anuj Mittal
Signed-off-by: Richard Purdie
---
 .../gnutls/gnutls/CVE-2020-13777-b.patch | 137 +++++++++++++++++++++
 1 file changed, 137 insertions(+)
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch')
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch
new file mode 100644
index 0000000000..12486e1710
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch
@@ -0,0 +1,137 @@
+From 6c7f9703e42bc5278d0a4a6f0a39d07d62123ea3 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Tue, 31 Mar 2020 06:58:48 +0200
+Subject: [PATCH 2/3] build: use valgrind client request to detect undefined
+ memory use
+
+commit 50ad8778a81f9421effa4c5a3b457f98e559b178 from https://gitlab.com/gnutls/gnutls.git
+
+This tightens the check introduced in
+ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client
+request to explicitly mark the "uninitialized but initialization is
+needed before use" regions. With this patch and the
+fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see
+the following error when running dtls_hello_random_value under
+valgrind:
+
+ $ valgrind ./dtls_hello_random_value
+ testing: default
+ ==520145== Conditional jump or move depends on uninitialised value(s)
+ ==520145== at 0x4025F5: hello_callback (dtls_hello_random_value.c:90)
+ ==520145== by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215)
+ ==520145== by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332)
+ ==520145== by 0x488FC7E: send_client_hello (handshake.c:2290)
+ ==520145== by 0x48902A1: handshake_client (handshake.c:2908)
+ ==520145== by 0x48902A1: gnutls_handshake (handshake.c:2740)
+ ==520145== by 0x402CB3: client (dtls_hello_random_value.c:153)
+ ==520145== by 0x402CB3: start (dtls_hello_random_value.c:317)
+ ==520145== by 0x402EFE: doit (dtls_hello_random_value.c:331)
+ ==520145== by 0x4023D4: main (utils.c:254)
+ ==520145==
+
+Upstream-Status: Backport
+
+Signed-off-by: Daiki Ueno
+Signed-off-by: Haiqing Bai
+---
+ configure.ac | 2 ++
+ lib/handshake.c | 15 +++++++++++++++
+ lib/state.c | 21 ++++++++++++++++++---
+ 3 files changed, 35 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 172cf42..12da283 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -233,6 +233,8 @@ AS_IF([test "$ac_cv_search___atomic_load_4" = "none required" || test "$ac_cv_se
+ dnl We use its presence to detect C11 threads
+ AC_CHECK_HEADERS([threads.h])
+
++AC_CHECK_HEADERS([valgrind/memcheck.h])
++
+ AC_ARG_ENABLE(padlock,
+ AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]),
+ use_padlock=$enableval)
+diff --git a/lib/handshake.c b/lib/handshake.c
+index 84a0e52..8d58fa4 100644
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -57,6 +57,9 @@
+ #include "secrets.h"
+ #include "tls13/session_ticket.h"
+ #include "locks.h"
++#ifdef HAVE_VALGRIND_MEMCHECK_H
++#include
++#endif
+
+ #define TRUE 1
+ #define FALSE 0
+@@ -242,6 +245,12 @@ int _gnutls_gen_client_random(gnutls_session_t session)
+ return gnutls_assert_val(ret);
+ }
+
++#ifdef HAVE_VALGRIND_MEMCHECK_H
++ if (RUNNING_ON_VALGRIND)
++ VALGRIND_MAKE_MEM_DEFINED(session->security_parameters.client_random,
++ GNUTLS_RANDOM_SIZE);
++#endif
++
+ return 0;
+ }
+
+@@ -320,6 +329,12 @@ int _gnutls_gen_server_random(gnutls_session_t session, int version)
+ return ret;
+ }
+
++#ifdef HAVE_VALGRIND_MEMCHECK_H
++ if (RUNNING_ON_VALGRIND)
++ VALGRIND_MAKE_MEM_DEFINED(session->security_parameters.server_random,
++ GNUTLS_RANDOM_SIZE);
++#endif
++
+ return 0;
+ }
+
+diff --git a/lib/state.c b/lib/state.c
+index 0e1d155..98900c1 100644
+--- a/lib/state.c
++++ b/lib/state.c
+@@ -55,6 +55,9 @@
+ #include "ext/cert_types.h"
+ #include "locks.h"
+ #include "kx.h"
++#ifdef HAVE_VALGRIND_MEMCHECK_H
++#include
++#endif
+
+ /* to be used by supplemental data support to disable TLS1.3
+ * when supplemental data have been globally registered */
+@@ -564,10 +567,22 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
+ UINT32_MAX;
+ }
+
+- /* everything else not initialized here is initialized
+- * as NULL or 0. This is why calloc is used.
++ /* Everything else not initialized here is initialized as NULL
++ * or 0. This is why calloc is used. However, we want to
++ * ensure that certain portions of data are initialized at
++ * runtime before being used. Mark such regions with a
++ * valgrind client request as undefined.
+ */
+-
++#ifdef HAVE_VALGRIND_MEMCHECK_H
++ if (RUNNING_ON_VALGRIND) {
++ if (flags & GNUTLS_CLIENT)
++ VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.client_random,
++ GNUTLS_RANDOM_SIZE);
++ if (flags & GNUTLS_SERVER)
++ VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.server_random,
++ GNUTLS_RANDOM_SIZE);
++ }
++#endif
+ handshake_internal_state_clear1(*session);
+
+ #ifdef HAVE_WRITEV
+--
+2.17.1
+
-- cgit v1.2.3-54-g00ecf
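Review bot: In the lib/handshake.c hunks, `VALGRIND_MAKE_MEM_DEFINED(..., GNUTLS_RANDOM_SIZE)` declares the whole random buffer defined on the success path of `_gnutls_gen_client_random` and `_gnutls_gen_server_random`, so memcheck still catches a hello random that was never generated but would not flag one the generator only partly filled. Both function bodies start outside the hunks, so whether a partial fill is possible cannot be judged from here; a comment above each request would record that limit, e.g. `/* asserts, rather than verifies, that all GNUTLS_RANDOM_SIZE bytes were written above */`. The configure.ac hunk shows only the `AC_CHECK_HEADERS([valgrind/memcheck.h])` probe, so the instrumentation exists only when that header happens to be in the build sysroot, and by its own subject line this backported patch is a detection aid rather than the ticket-encryption fix named in the commit title. The unbraced `if (RUNNING_ON_VALGRIND)` over a two-line macro call would read more safely with braces, as the outer `if` in the lib/state.c hunk already has.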