[Buildroot] [PATCH 1/1] package/libopenssl: add patches fixing hangs asn1parse

* [Buildroot] [PATCH 1/1] package/libopenssl: add patches fixing hangs asn1parse
@ 2024-01-19 15:02 Martin Kurbanov via buildroot
  2024-02-07 18:52 ` Thomas Petazzoni via buildroot
  0 siblings, 1 reply; 2+ messages in thread
From: Martin Kurbanov via buildroot @ 2024-01-19 15:02 UTC (permalink / raw)
  To: buildroot; +Cc: Martin Kurbanov, kernel, sdfw_system_team

The asn1parse command hangs forever on 3.2.0 when the genstr or genconf
option is passed.

This commit fixes the issue by adding upstream commits [1] [2].

[1] https://github.com/openssl/openssl/commit/a552c23c6502592c1b3c67d93dd7e5ffbe958aa4
[2] https://github.com/openssl/openssl/commit/749fcc0e3ce796474a15d6fac221e57daeacff1e

Signed-off-by: Martin Kurbanov <mmkurbanov@salutedevices.com>
---
 ...x-genstr-genconf-option-in-asn1parse.patch |  42 ++++++
 ...en-asn1-oid-loader-to-invalid-inputs.patch | 122 ++++++++++++++++++
 2 files changed, 164 insertions(+)
 create mode 100644 package/libopenssl/0005-Fix-genstr-genconf-option-in-asn1parse.patch
 create mode 100644 package/libopenssl/0006-Harden-asn1-oid-loader-to-invalid-inputs.patch

diff --git a/package/libopenssl/0005-Fix-genstr-genconf-option-in-asn1parse.patch b/package/libopenssl/0005-Fix-genstr-genconf-option-in-asn1parse.patch
new file mode 100644
index 0000000000..14a6aa3af7
--- /dev/null
+++ b/package/libopenssl/0005-Fix-genstr-genconf-option-in-asn1parse.patch
@@ -0,0 +1,42 @@
+From 749fcc0e3ce796474a15d6fac221e57daeacff1e Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@openssl.org>
+Date: Tue, 5 Dec 2023 14:50:01 -0500
+Subject: [PATCH] Fix genstr/genconf option in asn1parse
+
+At some point the asn1parse applet was changed to default the inform to
+PEM, and defalt input file to stdin.  Doing so broke the -genstr|conf options,
+in that, before we attempt to generate an ASN1 block from the provided
+genstr string, we attempt to read a PEM input from stdin.  As a result,
+this command:
+openssl asn1parse -genstr OID:1.2.3.4
+hangs because we are attempting a blocking read on stdin, waiting for
+data that never arrives
+
+Fix it by giving priority to genstr|genconf, such that, if set, will just run
+do_generate on that string and exit
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/22957)
+Upstream: https://github.com/openssl/openssl/pull/22957
+Signed-off-by: Martin Kurbanov <mmkurbanov@salutedevices.com>
+---
+ apps/asn1parse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/apps/asn1parse.c b/apps/asn1parse.c
+index 097b0cc1ed..6597a6180b 100644
+--- a/apps/asn1parse.c
++++ b/apps/asn1parse.c
+@@ -178,7 +178,7 @@ int asn1parse_main(int argc, char **argv)
+ 
+     if ((buf = BUF_MEM_new()) == NULL)
+         goto end;
+-    if (informat == FORMAT_PEM) {
++    if (genstr == NULL && informat == FORMAT_PEM) {
+         if (PEM_read_bio(in, &name, &header, &str, &num) != 1) {
+             BIO_printf(bio_err, "Error reading PEM file\n");
+             ERR_print_errors(bio_err);
+-- 
+2.40.0
+
diff --git a/package/libopenssl/0006-Harden-asn1-oid-loader-to-invalid-inputs.patch b/package/libopenssl/0006-Harden-asn1-oid-loader-to-invalid-inputs.patch
new file mode 100644
index 0000000000..1e3e8bc2e3
--- /dev/null
+++ b/package/libopenssl/0006-Harden-asn1-oid-loader-to-invalid-inputs.patch
@@ -0,0 +1,122 @@
+From a552c23c6502592c1b3c67d93dd7e5ffbe958aa4 Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@openssl.org>
+Date: Tue, 5 Dec 2023 15:24:20 -0500
+Subject: [PATCH] Harden asn1 oid loader to invalid inputs
+
+In the event that a config file contains this sequence:
+=======
+openssl_conf = openssl_init
+
+config_diagnostics = 1
+
+[openssl_init]
+oid_section = oids
+
+[oids]
+testoid1 = 1.2.3.4.1
+testoid2 = A Very Long OID Name, 1.2.3.4.2
+testoid3 = ,1.2.3.4.3
+======
+
+The leading comma in testoid3 can cause a heap buffer overflow, as the
+parsing code will move the string pointer back 1 character, thereby
+pointing to an invalid memory space
+
+correct the parser to detect this condition and handle it by treating it
+as if the comma doesn't exist (i.e. an empty long oid name)
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/22957)
+Upstream: https://github.com/openssl/openssl/pull/22957
+Signed-off-by: Martin Kurbanov <mmkurbanov@salutedevices.com>
+---
+ apps/asn1parse.c                  |  2 +-
+ crypto/asn1/asn_moid.c            |  4 ++++
+ test/recipes/04-test_asn1_parse.t | 26 ++++++++++++++++++++++++++
+ test/test_asn1_parse.cnf          | 12 ++++++++++++
+ 4 files changed, 43 insertions(+), 1 deletion(-)
+ create mode 100644 test/recipes/04-test_asn1_parse.t
+ create mode 100644 test/test_asn1_parse.cnf
+
+diff --git a/apps/asn1parse.c b/apps/asn1parse.c
+index 6597a6180b..bf62f85947 100644
+--- a/apps/asn1parse.c
++++ b/apps/asn1parse.c
+@@ -178,7 +178,7 @@ int asn1parse_main(int argc, char **argv)
+ 
+     if ((buf = BUF_MEM_new()) == NULL)
+         goto end;
+-    if (genstr == NULL && informat == FORMAT_PEM) {
++    if (genconf == NULL && genstr == NULL && informat == FORMAT_PEM) {
+         if (PEM_read_bio(in, &name, &header, &str, &num) != 1) {
+             BIO_printf(bio_err, "Error reading PEM file\n");
+             ERR_print_errors(bio_err);
+diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
+index 6f816307af..1e183f4f18 100644
+--- a/crypto/asn1/asn_moid.c
++++ b/crypto/asn1/asn_moid.c
+@@ -67,6 +67,10 @@ static int do_create(const char *value, const char *name)
+     if (p == NULL) {
+         ln = name;
+         ostr = value;
++    } else if (p == value) {
++        /* we started with a leading comma */
++        ln = name;
++        ostr = p + 1;
+     } else {
+         ln = value;
+         ostr = p + 1;
+diff --git a/test/recipes/04-test_asn1_parse.t b/test/recipes/04-test_asn1_parse.t
+new file mode 100644
+index 0000000000..f3af436592
+--- /dev/null
++++ b/test/recipes/04-test_asn1_parse.t
+@@ -0,0 +1,26 @@
++#! /usr/bin/env perl
++# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the Apache License 2.0 (the "License").  You may not use
++# this file except in compliance with the License.  You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++use strict;
++use OpenSSL::Test qw(:DEFAULT srctop_file);
++use OpenSSL::Test::Utils;
++
++setup("test_asn1_parse");
++
++plan tests => 3;
++
++$ENV{OPENSSL_CONF} = srctop_file("test", "test_asn1_parse.cnf");
++
++ok(run(app(([ 'openssl', 'asn1parse',
++              '-genstr', 'OID:1.2.3.4.1']))));
++
++ok(run(app(([ 'openssl', 'asn1parse',
++              '-genstr', 'OID:1.2.3.4.2']))));
++
++ok(run(app(([ 'openssl', 'asn1parse',
++              '-genstr', 'OID:1.2.3.4.3']))));
+diff --git a/test/test_asn1_parse.cnf b/test/test_asn1_parse.cnf
+new file mode 100644
+index 0000000000..5f0305657e
+--- /dev/null
++++ b/test/test_asn1_parse.cnf
+@@ -0,0 +1,12 @@
++openssl_conf = openssl_init
++
++# Comment out the next line to ignore configuration errors
++config_diagnostics = 1
++
++[openssl_init]
++oid_section = oids
++
++[oids]
++testoid1 = 1.2.3.4.1
++testoid2 = A Very Long OID Name, 1.2.3.4.2
++testoid3 = ,1.2.3.4.3
+-- 
+2.40.0
+
-- 
2.40.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 2+ messages in thread