From 01a61d7040b1794f36547b107abce6e967d59f21 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 25 Jul 2017 15:04:57 -0400 Subject: [PATCH] gnu: libtasn1: Fix CVE-2017-10790. * gnu/packages/patches/libtasn1-CVE-2017-10790.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/tls.scm (libtasn1/fixed)[source]: Use it. --- gnu/local.mk | 1 + .../patches/libtasn1-CVE-2017-10790.patch | 63 +++++++++++++++++++ gnu/packages/tls.scm | 3 +- 3 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libtasn1-CVE-2017-10790.patch diff --git a/gnu/local.mk b/gnu/local.mk index 1bece24418..9482d4bb53 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -775,6 +775,7 @@ dist_patch_DATA = \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtasn1-CVE-2017-6891.patch \ + %D%/packages/patches/libtasn1-CVE-2017-10790.patch \ %D%/packages/patches/libtheora-config-guess.patch \ %D%/packages/patches/libtiff-CVE-2016-10092.patch \ %D%/packages/patches/libtiff-CVE-2016-10093.patch \ diff --git a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch new file mode 100644 index 0000000000..6cec0c8030 --- /dev/null +++ b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch @@ -0,0 +1,63 @@ +Fix CVE-2017-10790: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790 + +Patch copied from upstream source repository: + +https://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=d8d805e1f2e6799bb2dff4871a8598dc83088a39 + +From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Thu, 22 Jun 2017 16:31:37 +0200 +Subject: [PATCH] _asn1_check_identifier: safer access to values read + +Signed-off-by: Nikos Mavrogiannopoulos +--- + lib/parser_aux.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/lib/parser_aux.c b/lib/parser_aux.c +index 976ab38..786ea64 100644 +--- a/lib/parser_aux.c ++++ b/lib/parser_aux.c +@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) + if (p2 == NULL) + { + if (p->value) +- _asn1_strcpy (_asn1_identifierMissing, p->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); + else + _asn1_strcpy (_asn1_identifierMissing, "(null)"); + return ASN1_IDENTIFIER_NOT_FOUND; +@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) + if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) + { + _asn1_str_cpy (name2, sizeof (name2), node->name); +- _asn1_str_cat (name2, sizeof (name2), "."); +- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ if (p2->value) ++ { ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ } ++ else ++ _asn1_strcpy (_asn1_identifierMissing, "(null)"); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || + !(p2->type & CONST_ASSIGN)) +@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) + _asn1_str_cpy (name2, sizeof (name2), node->name); + _asn1_str_cat (name2, sizeof (name2), "."); + _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) + || !(p2->type & CONST_ASSIGN)) +-- +2.13.3 + diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 6d71a9b809..58ec9ff5ec 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -81,7 +81,8 @@ specifications.") (origin (inherit (package-source libtasn1)) (patches - (search-patches "libtasn1-CVE-2017-6891.patch")))))) + (search-patches "libtasn1-CVE-2017-6891.patch" + "libtasn1-CVE-2017-10790.patch")))))) (define-public asn1c (package