Closed
12 changes: 2 additions & 10 deletions openssl.yaml
@@ -1,7 +1,7 @@
package:
name: openssl
version: 3.1.0
epoch: 5
epoch: 6
description: "the OpenSSL cryptography suite"
copyright:
- license: Apache-2.0
@@ -65,15 +65,7 @@ pipeline:

- uses: patch
with:
patches: CVE-2023-0464.patch

- uses: patch
with:
patches: CVE-2023-0465.patch

- uses: patch
with:
patches: CVE-2023-1255.patch
series: base-series

- name: Configure and build
runs: |
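Review bot: With the three `patches:` entries folded into `series: base-series`, the patch step in openssl.yaml no longer names CVE-2023-0464, CVE-2023-0465 or CVE-2023-1255, so anyone auditing which fixes this package carries has to know to open a second file. A short comment above the `- uses: patch` step saying that the series file lists the CVE and other security patches applied on top of 3.1.0 would keep that traceable from the pipeline definition.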
43 changes: 43 additions & 0 deletions openssl/3410cc-asn1-bitstring-overflow.patch
@@ -0,0 +1,43 @@
From 3410cc0c8bbcf9216b42d47d7a61e379dd6fda89 Mon Sep 17 00:00:00 2001
From: mlitre <martinlitre@mac.com>
Date: Mon, 1 May 2023 11:07:21 +0200
Subject: [PATCH] Add negative integer check when using ASN1_BIT_STRING

The negative integer check is done to prevent potential overflow.
Fixes #20719.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20862)

(cherry picked from commit 1258a8e4361320cd3cfaf9ede692492ce01034c8)
---
crypto/asn1/a_bitstr.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index 7c256493571e..462aa10aa10f 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -148,6 +148,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
int w, v, iv;
unsigned char *c;

+ if (n < 0)
+ return 0;
+
w = n / 8;
v = 1 << (7 - (n & 0x07));
iv = ~v;
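Review bot: The added `if (n < 0) return 0;` at the top of ASN1_BIT_STRING_set_bit has no comment saying what it guards, and the commit message only says "potential overflow". A one-line comment noting that a negative `n` makes `w = n / 8` zero or negative, so the byte offset derived from it is wrong, would show the next maintainer why the check has to stay ahead of the `w` and `v` computation.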
@@ -182,6 +185,9 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
{
int w, v;

+ if (n < 0)
+ return 0;
+
w = n / 8;
v = 1 << (7 - (n & 0x07));
if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
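Review bot: In ASN1_BIT_STRING_get_bit the added `if (n < 0) return 0;` returns the same 0 a caller gets for a bit that is clear, so a negative index is reported as "not set" rather than as an error; that behaviour should be stated in the function's documentation. The early return is needed because the existing `a->length < (w + 1)` test does not reject a negative `w`, and a comment to that effect next to the guard would stop it being removed as redundant with the range check below it.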
8 changes: 8 additions & 0 deletions openssl/base-series
@@ -0,0 +1,8 @@
# CHECK-WHEN-VERSION-CHANGES: 3.1.0
# CVE fixes (< 3.1.1)
CVE-2023-0464.patch
CVE-2023-0465.patch
CVE-2023-1255.patch

# Other security fixes (< 3.1.1)
3410cc-asn1-bitstring-overflow.patch
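Review bot: The `# CHECK-WHEN-VERSION-CHANGES: 3.1.0` marker on the first line is only a comment, and nothing in this file or in the openssl.yaml change ties it to the `version:` field, so a bump to 3.1.1 could keep applying patches the headings mark as `< 3.1.1`. Consider a build-time check that compares the marker with the package version. Separately, the entry `3410cc-asn1-bitstring-overflow.patch` is the only one without an identifier a reader can look up; a comment naming the upstream pull request (openssl/openssl#20862) beside it would match the traceability the CVE-named entries already have.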