fix CVE-2018-1000654
parent
e876c8a6c0
commit
67bf19aee9
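--- /dev/null
+++ b/CVE-2018-1000654.spec
@@ -0,0 +1,121 @@
+From 9c40f7796c9d33179b602f65f4b587d175fba23c Mon Sep 17 00:00:00 2001
+From: Mike Gorse <mgorse@alum.wpi.edu>
+Date: Thu, 11 Apr 2019 11:14:58 -0500
+Subject: [PATCH 1/2] _asn1_expand_object_id: Limit recursion
+
+Resolves #4
+---
+lib/parser_aux.c | 8 ++++++--
+1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/parser_aux.c b/lib/parser_aux.c
+index 786ea64..08c2167 100644
+--- a/lib/parser_aux.c
++++ b/lib/parser_aux.c
+@@ -675,7 +675,7 @@ _asn1_expand_object_id (asn1_node node)
+{
+asn1_node p, p2, p3, p4, p5;
+char name_root[ASN1_MAX_NAME_SIZE], name2[2 * ASN1_MAX_NAME_SIZE + 1];
+- int move, tlen;
++ int move, tlen, tries;
+
+if (node == NULL)
+return ASN1_ELEMENT_NOT_FOUND;
+@@ -684,6 +684,7 @@ _asn1_expand_object_id (asn1_node node)
+
+p = node;
+move = DOWN;
++ tries = 0;
+
+while (!((p == node) && (move == UP)))
+{
+@@ -738,7 +739,9 @@ _asn1_expand_object_id (asn1_node node)
+p4 = p4->right;
+}
+move = DOWN;
+- continue;
++ tries++;
++ if (tries < 3)
++ continue;
+}
+}
+}
+@@ -747,6 +750,7 @@ _asn1_expand_object_id (asn1_node node)
+else
+move = RIGHT;
+
++ tries = 0;
+if (move == DOWN)
+{
+if (p->down)
+--
+From 57d6bc19d44b0693023031c6dbc0d21a36550f34 Mon Sep 17 00:00:00 2001
+From: Mike Gorse <mgorse@alum.wpi.edu>
+Date: Thu, 25 Apr 2019 16:40:18 -0500
+Subject: [PATCH 2/2] Add reproducer for issues/4 to Test_tree.asn
+
+---
+tests/Test_tree.asn | 9 +++++++++
+tests/Test_tree_asn1_tab.c | 13 +++++++++++--
+2 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/tests/Test_tree.asn b/tests/Test_tree.asn
+index 0ad0dc5..a253bc8 100644
+--- a/tests/Test_tree.asn
++++ b/tests/Test_tree.asn
+@@ -154,6 +154,15 @@ X520LocalityName ::= CHOICE {
+bmpString BMPString }
+
+
++id-xnyTest OBJECT IDENTIFIER ::= {id-ix 29 1}
++id-ix OBJECR ::= {id-ix 29 2}
++BMPString ::= OCTET S
++}
++UniversalString : BY id O}
++id-ix OBJECT IDENTIFIER ::= {2 5}
++id-xnyTest OBJECT IDENTIFIER ::= {id-ix 29 1}
++anyTest2 ::= INTEGER
++
+id-Test OBJECT IDENTIFIER ::= {1 2 29 2}
+
+END
+diff --git a/tests/Test_tree_asn1_tab.c b/tests/Test_tree_asn1_tab.c
+index 7869f85..0f211c8 100644
+--- a/tests/Test_tree_asn1_tab.c
++++ b/tests/Test_tree_asn1_tab.c
+@@ -68,7 +68,7 @@ const asn1_static_node Test_tree_asn1_tab[] = {
+{ "set", 1610612751, NULL },
+{ NULL, 3, NULL },
+{ "oid", 1073741836, NULL },
+- { "time2", 1082130449, NULL },
++ { "time2", 1073741861, NULL },
+{ "bol", 1073741828, NULL },
+{ "oct", 1073741831, NULL },
+{ "bit", 1073758214, NULL },
+@@ -81,7 +81,7 @@ const asn1_static_node Test_tree_asn1_tab[] = {
+{ "any", 1610637325, NULL },
+{ NULL, 4104, "1"},
+{ "gen", 1073758235, NULL },
+- { "time1", 16777233, NULL },
++ { "time1", 36, NULL },
+{ "SequenceTestTag", 1610612741, NULL },
+{ "int1", 1610620931, NULL },
+{ NULL, 2056, "2"},
+@@ -160,6 +160,15 @@ const asn1_static_node Test_tree_asn1_tab[] = {
+{ "universalString", 1073741856, NULL },
+{ "utf8String", 1073741858, NULL },
+{ "bmpString", 33, NULL },
++ { "id-xnyTest", 1879048204, NULL },
++ { NULL, 1073741825, "id-ix"},
++ { NULL, 1073741825, "29"},
++ { NULL, 1, "1"},
++ { "id-ix", 1880096780, "OBJECR"},
++ { NULL, 1073741825, "id-ix"},
++ { NULL, 1073741825, "29"},
++ { NULL, 1, "2"},
++ { "BMPString", 1073741827, NULL },
+{ "id-Test", 805306380, NULL },
+{ NULL, 1073741825, "1"},
+{ NULL, 1073741825, "2"},
+--
+2.20.1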
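Review bot: In the third `lib/parser_aux.c` hunk, once `tries` reaches 3 the code stops executing `continue` and falls through to the normal move logic, so a self-referencing OBJECT IDENTIFIER definition is abandoned silently and, as far as these hunks show, the caller is never told that expansion was cut short. The bound is also a bare literal with no explanation of why three passes are enough. I would name it and say why at the check, e.g. `#define EXPAND_OBJECT_ID_MAX_TRIES 3` and `/* definition refers back to itself: stop re-expanding instead of expanding without bound */`, and decide explicitly whether hitting the limit should return an error rather than continue the walk. The body of `_asn1_expand_object_id` starts and ends outside the hunks, so what happens after the fall-through is inferred from the visible context only.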
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Libtasn1 is a ASN.1 parsing library
|
||||
Name: libtasn1
|
||||
Version: 4.13
|
||||
Release: 6
|
||||
Release: 7
|
||||
|
||||
# The libtasn1 library is LGPLv2+, utilities are GPLv3+
|
||||
License: GPLv3+ and LGPLv2+
|
||||
@ -9,6 +9,8 @@ URL: http://www.gnu.org/software/libtasn1/
|
||||
Source0: http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz
|
||||
Source1: http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz.sig
|
||||
|
||||
Patch0000: CVE-2018-1000654.spec
|
||||
|
||||
BuildRequires: gcc, autoconf, automake, libtool, gnupg2, bison, pkgconfig, help2man, valgrind-devel
|
||||
Provides: bundled(gnulib) = 20130324
|
||||
Provides: %{name}-tools = %{version}-%{release}
|
||||
@ -78,6 +80,9 @@ test "$1" = 0 -a -f %_infodir/%name.info.gz && \
|
||||
%{_infodir}/*.info.*
|
||||
|
||||
%changelog
|
||||
* Fri Mar 20 2020 wangye <wangye54@huawei.com> - 4.13-7
|
||||
- Fix CVE-2018-1000654
|
||||
|
||||
* Sun Jan 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 4.13-6
|
||||
- simplify functions
|
||||
|
||||
|
||||
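Review bot: `Patch0000: CVE-2018-1000654.spec` names a patch file with a `.spec` extension, which makes the security patch look like a second spec file to anyone, or any tool, scanning the package directory; `Patch0000: CVE-2018-1000654.patch`, with the file renamed to match, would be clearer. The visible hunks only declare the patch, and the `%prep` section lies outside them, so it is worth confirming that `%prep` really applies numbered patches (for example through `%autosetup -p1` or an explicit `%patch` line). If it does not, the package would ship as release 7 with a changelog entry claiming the fix while still building the unpatched `_asn1_expand_object_id`.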