packages/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bugfix Overflow when printing Thawte Strong Extranet

Browse Source
This commit is contained in:
hzero1996 2021-09-26 11:34:45 +08:00
parent a885320457
commit c485a7486b
2 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch Normal file
View File

@ -0,0 +1,53 @@
From 61b0fead5e6079ca826594df5b9ca00e65883cb0 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 19 Nov 2020 13:58:21 +0000
Subject: [PATCH] Don't Overflow when printing Thawte Strong Extranet Version
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
---
crypto/x509v3/v3_sxnet.c | 18 +++++++++++++++---
1 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
index 76f5eafc73..6e2b796a38 100644
--- a/crypto/x509v3/v3_sxnet.c
+++ b/crypto/x509v3/v3_sxnet.c
@@ -57,12 +57,24 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET)
static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
int indent)
{
- long v;
+ int64_t v;
char *tmp;
SXNETID *id;
int i;
- v = ASN1_INTEGER_get(sx->version);
- BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
+
+ /*
+ * Since we add 1 to the version number to display it, we don't support
+ * LONG_MAX since that would cause on overflow.
+ */
+ if (!ASN1_INTEGER_get_int64(&v, sx->version)
+ || v >= LONG_MAX
+ || v < LONG_MIN) {
+ BIO_printf(out, "%*sVersion: <unsupported>", indent, "");
+ } else {
+ long vl = (long)v;
+
+ BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
+ }
for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
id = sk_SXNETID_value(sx->ids, i);
tmp = i2s_ASN1_INTEGER(NULL, id->zone);
--
2.23.0

6
openssl.spec
View File

@ -2,7 +2,7 @@
Name: openssl
Epoch: 1
Version: 1.1.1f
Release: 7
Release: 8
Summary: Cryptography and SSL/TLS Toolkit
License: OpenSSL and SSLeay
URL: https://www.openssl.org/
@ -25,6 +25,7 @@ Patch14: CVE-2021-3711-0002-Correctly-calculate-the-length-of-SM2-plaintext-
Patch15: CVE-2021-3711-0003-Extend-tests-for-SM2-decryption.patch
Patch16: CVE-2021-3712-0001-Fix-a-read-buffer-overrun-in-X509_aux_print.patch
Patch17: CVE-2021-3712-0002-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch
Patch18: bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch
BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
@ -201,6 +202,9 @@ make test || :
%{_pkgdocdir}/html/
%changelog
* Fri Sep 24 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-8
- bugfix Overflow when printing Thawte Strong Extranet
* Mon Aug 30 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-7
- fix the CVE-2021-3711 and CVE-2021-3712