/[smecontribs]/rpms/openssl3/contribs10/0105-CVE-2023-0216-pkcs7-deref.patch
ViewVC logotype

Annotation of /rpms/openssl3/contribs10/0105-CVE-2023-0216-pkcs7-deref.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Jan 31 17:24:52 2024 UTC (8 months, 2 weeks ago) by jpp
Branch: MAIN
CVS Tags: openssl3-3_0_7-5_el7_sme_1, HEAD
Initial import

1 jpp 1.1 From 934a04f0e775309cadbef0aa6b9692e1b12a76c6 Mon Sep 17 00:00:00 2001
2     From: Tomas Mraz <tomas@openssl.org>
3     Date: Mon, 16 Jan 2023 19:45:23 +0100
4     Subject: [PATCH 08/18] Do not dereference PKCS7 object data if not set
5    
6     Fixes CVE-2023-0216
7    
8     Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
9     Reviewed-by: Paul Dale <pauli@openssl.org>
10     ---
11     crypto/pkcs7/pk7_lib.c | 16 ++++++++++++----
12     1 file changed, 12 insertions(+), 4 deletions(-)
13    
14     diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
15     index 753f1276e6..936e50da54 100644
16     --- a/crypto/pkcs7/pk7_lib.c
17     +++ b/crypto/pkcs7/pk7_lib.c
18     @@ -414,6 +414,8 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
19    
20     static STACK_OF(X509) *pkcs7_get_signer_certs(const PKCS7 *p7)
21     {
22     + if (p7->d.ptr == NULL)
23     + return NULL;
24     if (PKCS7_type_is_signed(p7))
25     return p7->d.sign->cert;
26     if (PKCS7_type_is_signedAndEnveloped(p7))
27     @@ -423,6 +425,8 @@ static STACK_OF(X509) *pkcs7_get_signer_certs(const PKCS7 *p7)
28    
29     static STACK_OF(PKCS7_RECIP_INFO) *pkcs7_get_recipient_info(const PKCS7 *p7)
30     {
31     + if (p7->d.ptr == NULL)
32     + return NULL;
33     if (PKCS7_type_is_signedAndEnveloped(p7))
34     return p7->d.signed_and_enveloped->recipientinfo;
35     if (PKCS7_type_is_enveloped(p7))
36     @@ -440,13 +444,17 @@ void ossl_pkcs7_resolve_libctx(PKCS7 *p7)
37     const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
38     OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx);
39     const char *propq = ossl_pkcs7_ctx_get0_propq(ctx);
40     - STACK_OF(PKCS7_RECIP_INFO) *rinfos = pkcs7_get_recipient_info(p7);
41     - STACK_OF(PKCS7_SIGNER_INFO) *sinfos = PKCS7_get_signer_info(p7);
42     - STACK_OF(X509) *certs = pkcs7_get_signer_certs(p7);
43     + STACK_OF(PKCS7_RECIP_INFO) *rinfos;
44     + STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
45     + STACK_OF(X509) *certs;
46    
47     - if (ctx == NULL)
48     + if (ctx == NULL || p7->d.ptr == NULL)
49     return;
50    
51     + rinfos = pkcs7_get_recipient_info(p7);
52     + sinfos = PKCS7_get_signer_info(p7);
53     + certs = pkcs7_get_signer_certs(p7);
54     +
55     for (i = 0; i < sk_X509_num(certs); i++)
56     ossl_x509_set0_libctx(sk_X509_value(certs, i), libctx, propq);
57    
58     --
59     2.39.1
60    
61     From 67813d8a4d110f4174bbd2fee8a2f15388e324b5 Mon Sep 17 00:00:00 2001
62     From: Tomas Mraz <tomas@openssl.org>
63     Date: Mon, 16 Jan 2023 19:56:20 +0100
64     Subject: [PATCH 09/18] Add test for d2i_PKCS7 NULL dereference
65    
66     Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
67     Reviewed-by: Paul Dale <pauli@openssl.org>
68     ---
69     test/recipes/25-test_pkcs7.t | 7 +++++--
70     test/recipes/25-test_pkcs7_data/malformed.pkcs7 | 3 +++
71     2 files changed, 8 insertions(+), 2 deletions(-)
72     create mode 100644 test/recipes/25-test_pkcs7_data/malformed.pkcs7
73    
74     diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t
75     index 37cd43dc6b..d61cd6abad 100644
76     --- a/test/recipes/25-test_pkcs7.t
77     +++ b/test/recipes/25-test_pkcs7.t
78     @@ -11,11 +11,11 @@ use strict;
79     use warnings;
80    
81     use File::Spec;
82     -use OpenSSL::Test qw/:DEFAULT srctop_file/;
83     +use OpenSSL::Test qw/:DEFAULT srctop_file data_file/;
84    
85     setup("test_pkcs7");
86    
87     -plan tests => 3;
88     +plan tests => 4;
89    
90     require_ok(srctop_file('test','recipes','tconversion.pl'));
91    
92     @@ -27,3 +27,6 @@ subtest 'pkcs7 conversions -- pkcs7d' => sub {
93     tconversion( -type => 'p7d', -in => srctop_file("test", "pkcs7-1.pem"),
94     -args => ["pkcs7"] );
95     };
96     +
97     +my $malformed = data_file('malformed.pkcs7');
98     +ok(run(app(["openssl", "pkcs7", "-in", $malformed])));
99     diff --git a/test/recipes/25-test_pkcs7_data/malformed.pkcs7 b/test/recipes/25-test_pkcs7_data/malformed.pkcs7
100     new file mode 100644
101     index 0000000000..e30d1b582c
102     --- /dev/null
103     +++ b/test/recipes/25-test_pkcs7_data/malformed.pkcs7
104     @@ -0,0 +1,3 @@
105     +-----BEGIN PKCS7-----
106     +MAsGCSqGSIb3DQEHAg==
107     +-----END PKCS7-----
108     --
109     2.39.1
110    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed