GNU bug report logs - #27829
[PATCH] gnu: libtasn1: Fix CVE-2017-10790.


Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 25 Jul 2017 19:28:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#27829; Package guix-patches. (Tue, 25 Jul 2017 19:28:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 25 Jul 2017 19:28:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: libtasn1: Fix CVE-2017-10790.
Date: Tue, 25 Jul 2017 15:26:39 -0400

* gnu/packages/patches/libtasn1-CVE-2017-10790.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (libtasn1/fixed)[source]: Use it.
---
 gnu/local.mk                                       |  1 +
 gnu/packages/patches/libtasn1-CVE-2017-10790.patch | 63 ++++++++++++++++++++++
 gnu/packages/tls.scm                               |  3 +-
 3 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/libtasn1-CVE-2017-10790.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index f5255feff..f93929f9e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -773,6 +773,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch	\
   %D%/packages/patches/libtar-CVE-2013-4420.patch 		\
   %D%/packages/patches/libtasn1-CVE-2017-6891.patch 		\
+  %D%/packages/patches/libtasn1-CVE-2017-10790.patch 		\
   %D%/packages/patches/libtheora-config-guess.patch		\
   %D%/packages/patches/libtiff-CVE-2016-10092.patch		\
   %D%/packages/patches/libtiff-CVE-2016-10093.patch		\
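
Review bot: style point on the added line in dist_patch_DATA: the neighbouring entries are in lexicographic order, and under that order libtasn1-CVE-2017-10790.patch sorts before libtasn1-CVE-2017-6891.patch ('1' < '6'), so the new line belongs one line up. Placing it after 6891 follows numeric CVE order instead; either works, but keeping the list strictly sorted makes later merges and duplicate checks easier.
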
diff --git a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch
new file mode 100644
index 000000000..6cec0c803
--- /dev/null
+++ b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch
@@ -0,0 +1,63 @@
+Fix CVE-2017-10790:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790
+
+Patch copied from upstream source repository:
+
+https://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=d8d805e1f2e6799bb2dff4871a8598dc83088a39
+
+From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav <at> redhat.com>
+Date: Thu, 22 Jun 2017 16:31:37 +0200
+Subject: [PATCH] _asn1_check_identifier: safer access to values read
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav <at> redhat.com>
+---
+ lib/parser_aux.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/lib/parser_aux.c b/lib/parser_aux.c
+index 976ab38..786ea64 100644
+--- a/lib/parser_aux.c
++++ b/lib/parser_aux.c
+@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node)
+ 	  if (p2 == NULL)
+ 	    {
+ 	      if (p->value)
+-		_asn1_strcpy (_asn1_identifierMissing, p->value);
++		_asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
+ 	      else
+ 		_asn1_strcpy (_asn1_identifierMissing, "(null)");
+ 	      return ASN1_IDENTIFIER_NOT_FOUND;
+@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node)
+ 	  if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
+ 	    {
+ 	      _asn1_str_cpy (name2, sizeof (name2), node->name);
+-	      _asn1_str_cat (name2, sizeof (name2), ".");
+-	      _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+-	      _asn1_strcpy (_asn1_identifierMissing, p2->value);
++	      if (p2->value)
++	        {
++	          _asn1_str_cat (name2, sizeof (name2), ".");
++	          _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
++	          _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
++	        }
++	      else
++		_asn1_strcpy (_asn1_identifierMissing, "(null)");
++
+ 	      p2 = asn1_find_node (node, name2);
+ 	      if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
+ 		  !(p2->type & CONST_ASSIGN))
+@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node)
+ 		  _asn1_str_cpy (name2, sizeof (name2), node->name);
+ 		  _asn1_str_cat (name2, sizeof (name2), ".");
+ 		  _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+-		  _asn1_strcpy (_asn1_identifierMissing, p2->value);
++		  _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
++
+ 		  p2 = asn1_find_node (node, name2);
+ 		  if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID)
+ 		      || !(p2->type & CONST_ASSIGN))
+-- 
+2.13.3
+
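
Review bot: in the nested upstream patch, the last hunk (@@ -990,7 +996,8 @@) still passes p2->value to _asn1_str_cat and to the new bounded _asn1_str_cpy with no NULL test in the visible context, while the hunk at @@ -968,9 +968,15 @@ gained an explicit "if (p2->value)" guard with a "(null)" fallback. Worth confirming in lib/parser_aux.c that the enclosing condition for that block already guarantees p2->value is non-NULL; if it does not, the same guard is needed there. The remaining _asn1_strcpy calls copy only the fixed literal "(null)", so they are safe as long as _asn1_identifierMissing holds at least 7 bytes, though switching them to _asn1_str_cpy would make every write to that buffer bounded in the same way.
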
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 0a81633aa..106cc48e7 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -81,7 +81,8 @@ specifications.")
       (origin
         (inherit (package-source libtasn1))
         (patches
-          (search-patches "libtasn1-CVE-2017-6891.patch"))))))
+          (search-patches "libtasn1-CVE-2017-6891.patch"
+                          "libtasn1-CVE-2017-10790.patch"))))))
 
 (define-public asn1c
   (package
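
Review bot: per the commit log this touches libtasn1/fixed, whose origin inherits (package-source libtasn1), so only the libtasn1/fixed variant carries the two CVE patches while the base libtasn1 source stays unpatched. A short comment above this origin saying that both patches should move into the main libtasn1 definition when libtasn1/fixed is dropped would keep the fixes from being lost at that point.
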
-- 
2.13.3





Information forwarded to guix-patches <at> gnu.org:
bug#27829; Package guix-patches. (Tue, 25 Jul 2017 19:35:01 GMT) Full text and rfc822 format available.

Message #8 received at 27829 <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: Leo Famulari <leo <at> famulari.name>, 27829 <at> debbugs.gnu.org
Subject: Re: [bug#27829] [PATCH] gnu: libtasn1: Fix CVE-2017-10790.
Date: Tue, 25 Jul 2017 21:34:27 +0200

Leo Famulari <leo <at> famulari.name> writes:

> * gnu/packages/patches/libtasn1-CVE-2017-10790.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/tls.scm (libtasn1/fixed)[source]: Use it.

LGTM!

Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Sun, 06 Aug 2017 00:20:02 GMT) Full text and rfc822 format available.

Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Sun, 06 Aug 2017 00:20:02 GMT) Full text and rfc822 format available.

Message #13 received at 27829-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: 27829-done <at> debbugs.gnu.org
Subject: Re: [bug#27829] [PATCH] gnu: libtasn1: Fix CVE-2017-10790.
Date: Sat, 5 Aug 2017 20:18:59 -0400

On Tue, Jul 25, 2017 at 09:34:27PM +0200, Marius Bakke wrote:
> Leo Famulari <leo <at> famulari.name> writes:
> 
> > * gnu/packages/patches/libtasn1-CVE-2017-10790.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/tls.scm (libtasn1/fixed)[source]: Use it.
> 
> LGTM!

Pushed as 01a61d7040b1794f36547b107abce6e967d59f21.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 03 Sep 2017 11:24:04 GMT) Full text and rfc822 format available.

This bug report was last modified 8 years and 5 days ago.
