summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2015-09-14 10:04:32 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-01-30 12:03:13 (GMT)
commit8cf47f82b945c6940461da9d3358fca0a454d7bf (patch)
tree85f9393adb59096d24ac12b2074bb06b90ba953f
parent8ef55cc0da13c96349f665987f2bcf9e64eebf8a (diff)
downloadpoky-8cf47f82b945c6940461da9d3358fca0a454d7bf.tar.gz
libtasn1: CVE-2015-3622
_asn1_extract_der_octet: prevent past of boundary access References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch; h=f979435823a02f842c41d49cd41cc81f25b5d677 (From OE-Core rev: 61bee3f813127c91d75a2af5197bdc874483a1fd) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch44
-rw-r--r--meta/recipes-support/gnutls/libtasn1_4.0.bb1
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
new file mode 100644
index 0000000..0989ef6
--- /dev/null
+++ b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
@@ -0,0 +1,44 @@
1From f979435823a02f842c41d49cd41cc81f25b5d677 Mon Sep 17 00:00:00 2001
2From: Nikos Mavrogiannopoulos <nmav@redhat.com>
3Date: Mon, 20 Apr 2015 14:56:27 +0200
4Subject: [PATCH] _asn1_extract_der_octet: prevent past of boundary access
5
6Fixes CVE-2015-3622.
7Upstream-Status: Backport
8
9Reported by Hanno Böck.
10---
11 lib/decoding.c | 3 ++-
12 1 files changed, 2 insertions(+), 1 deletions(-)
13
14diff --git a/lib/decoding.c b/lib/decoding.c
15index 7fbd931..42ddc6b 100644
16--- a/lib/decoding.c
17+++ b/lib/decoding.c
18@@ -732,6 +732,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
19 return ASN1_DER_ERROR;
20
21 counter = len3 + 1;
22+ DECR_LEN(der_len, len3);
23
24 if (len2 == -1)
25 counter_end = der_len - 2;
26@@ -740,6 +741,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
27
28 while (counter < counter_end)
29 {
30+ DECR_LEN(der_len, 1);
31 len2 = asn1_get_length_der (der + counter, der_len, &len3);
32
33 if (IS_ERR(len2, flags))
34@@ -764,7 +766,6 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
35 len2 = 0;
36 }
37
38- DECR_LEN(der_len, 1);
39 counter += len2 + len3 + 1;
40 }
41
42--
431.7.2.5
44
diff --git a/meta/recipes-support/gnutls/libtasn1_4.0.bb b/meta/recipes-support/gnutls/libtasn1_4.0.bb
index 289833ec..16cf4d6 100644
--- a/meta/recipes-support/gnutls/libtasn1_4.0.bb
+++ b/meta/recipes-support/gnutls/libtasn1_4.0.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
11SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ 11SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
12 file://libtasn1_fix_for_automake_1.12.patch \ 12 file://libtasn1_fix_for_automake_1.12.patch \
13 file://dont-depend-on-help2man.patch \ 13 file://dont-depend-on-help2man.patch \
14 file://libtasn1-CVE-2015-3622.patch \
14 " 15 "
15 16
16SRC_URI[md5sum] = "d3d2d9bce3b6668b9827a9df52635be1" 17SRC_URI[md5sum] = "d3d2d9bce3b6668b9827a9df52635be1"