From: Fan Xin <fan.xin@jp.fujitsu.com>
To: Sona Sarmadi <sona.sarmadi@enea.com>,
"openembedded-core@lists.openembedded.org"
<openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH][dizzy][daisy][dylan] openssl: fix for CVE-2015-3195
Date: Mon, 14 Dec 2015 17:46:59 +0900
Message-ID: <566E8203.7050909@jp.fujitsu.com>
In-Reply-To: <3230301C09DEF9499B442BBE162C5E48ABABB49B@SESTOEX04.enea.se>
Hi Sona,
> How can this patch be applied to dizzy branch?
This patch is for the dylan branch.
I will send the patch for dizzy and daisy later.
> You have only sent patch for CVE-2015-3195, how about CVE-2015-3194?
Actually, the patch for CVE-2015-3194 is also needed for the dizzy and daisy
branches.
Thanks for your comment.
I will modify and re-send the patch.
Regards,
Fan
On 14 Dec 2015 17:00, Sona Sarmadi wrote:
> Hi Fan,
>
> dizzy branch has OpenSSL version 1.0.1p now:
> http://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta/recipes-connectivity/openssl/openssl_1.0.1p.bb?h=dizzy
>
> How can this patch be applied to dizzy branch?
>
> You have only sent patch for CVE-2015-3195, how about CVE-2015-3194?
> CVE-2015-3193 does not seem to affect OpenSSL version 1.0.1 according to Mitre:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
> CVE-2015-3193 (OpenSSL 1.0.2)
> CVE-2015-3194 (OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e)
> CVE-2015-3195 (OpenSSL before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e)
>
> Regards
> //Sona
>
>
>> -----Original Message-----
>> From: openembedded-core-bounces@lists.openembedded.org
>> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf
>> Of Fan Xin
>> Sent: 11 December 2015 09:14
>> To: openembedded-core@lists.openembedded.org
>> Cc: Fan Xin <fan.xin@jp.fujitsu.com>
>> Subject: [OE-core] [PATCH][dizzy][daisy][dylan] openssl: fix for CVE-2015-3195
>>
>> This vulnerability affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.
>> So the patch also should be merged into dizzy, daisy and dylan.
>>
>> Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
>> ---
>> .../0001-Fix-leak-with-ASN.1-combine.patch | 65
>> ++++++++++++++++++++++
>> .../recipes-connectivity/openssl/openssl_1.0.1e.bb | 1 +
>> 2 files changed, 66 insertions(+)
>> create mode 100644 meta/recipes-connectivity/openssl/openssl-
>> 1.0.1e/0001-Fix-leak-with-ASN.1-combine.patch
>>
>> diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-leak-
>> with-ASN.1-combine.patch b/meta/recipes-connectivity/openssl/openssl-
>> 1.0.1e/0001-Fix-leak-with-ASN.1-combine.patch
>> new file mode 100644
>> index 0000000..5bda457
>> --- /dev/null
>> +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-leak-wit
>> +++ h-ASN.1-combine.patch
>> @@ -0,0 +1,65 @@
>> +Upstream-Status: Backport
>> +
>> +This patch was imprted from
>> +https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da57
>> +66243ed55d55948637d
>> +
>> +Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
>> +
>> +From cc598f321fbac9c04da5766243ed55d55948637d Mon Sep 17
>> 00:00:00 2001
>> +From: Dr. Stephen Henson <steve@openssl.org>
>> +Date: Tue, 10 Nov 2015 19:03:07 +0000
>> +Subject: [PATCH] Fix leak with ASN.1 combine.
>> +
>> +When parsing a combined structure pass a flag to the decode routine so
>> +on error a pointer to the parent structure is not zeroed as this will
>> +leak any additional components in the parent.
>> +
>> +This can leak memory in any application parsing PKCS#7 or CMS structures.
>> +
>> +CVE-2015-3195.
>> +
>> +Thanks to Adam Langley (Google/BoringSSL) for discovering this bug
>> +using libFuzzer.
>> +
>> +PR#4131
>> +
>> +Reviewed-by: Richard Levitte <levitte@openssl.org>
>> +---
>> + crypto/asn1/tasn_dec.c | 7 +++++--
>> + 1 files changed, 5 insertions(+), 2 deletions(-)
>> +
>> +diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index
>> +febf605..9256049 100644
>> +--- a/crypto/asn1/tasn_dec.c
>> ++++ b/crypto/asn1/tasn_dec.c
>> +@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const
>> unsigned char **in, long len,
>> + int otag;
>> + int ret = 0;
>> + ASN1_VALUE **pchptr, *ptmpval;
>> ++ int combine = aclass & ASN1_TFLG_COMBINE;
>> ++ aclass &= ~ASN1_TFLG_COMBINE;
>> + if (!pval)
>> + return 0;
>> + if (aux && aux->asn1_cb)
>> +@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const
>> +unsigned char **in, long len,
>> + auxerr:
>> + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
>> + err:
>> +- ASN1_item_ex_free(pval, it);
>> ++ if (combine == 0)
>> ++ ASN1_item_ex_free(pval, it);
>> + if (errtt)
>> + ERR_add_error_data(4, "Field=", errtt->field_name,
>> + ", Type=", it->sname); @@ -689,7 +692,7 @@
>> +static int asn1_template_noexp_d2i(ASN1_VALUE **val,
>> + } else {
>> + /* Nothing special */
>> + ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
>> +- -1, 0, opt, ctx);
>> ++ -1, tt->flags & ASN1_TFLG_COMBINE, opt,
>> ++ ctx);
>> + if (!ret) {
>> + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
>> ERR_R_NESTED_ASN1_ERROR);
>> + goto err;
>> +--
>> +1.7.0.4
>> +
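Review bot: At the err: label in crypto/asn1/tasn_dec.c, ASN1_item_ex_free(pval, it) is now skipped whenever combine is non-zero, so a failed decode of a combined field returns with nothing freed in this function and cleanup is left entirely to the caller. The flag only arrives through the "Nothing special" branch of asn1_template_noexp_d2i (tt->flags & ASN1_TFLG_COMBINE passed in the aclass position), so please confirm against the 1.0.1e source that the parent's error path still frees the structure when that call returns 0, because this commit is dated 10 Nov 2015 and is being applied to the 1.0.1e tree. Separately, "imprted" in the patch header should read "imported".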
>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
>> b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
>> index bc1b944..dbc2da2 100644
>> --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
>> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
>> @@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
>> file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
>> file://CVE-2014-0160.patch \
>> file://openssl-CVE-2014-0198-fix.patch \
>> + file://0001-Fix-leak-with-ASN.1-combine.patch \
>> "
>>
>> SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
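Review bot: The new SRC_URI entry is added only to openssl_1.0.1e.bb, with the patch stored under openssl-1.0.1e/, while the subject tags dizzy, daisy and dylan; a branch whose recipe carries a different OpenSSL version will not pick this change up, so please send one patch per branch against the recipe that branch actually ships. The neighbouring entries put the CVE id in the file name (CVE-2014-0160.patch, openssl-CVE-2014-0198-fix.patch); naming this file after CVE-2015-3195 would make it easier to audit which CVEs the recipe covers.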
>> --
>> 1.8.4.2
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
--
=====================================================
Fujitsu Computer Technologies Limited
Embedded Systems Technology Division, Firmware Technology Department 1
樊 昕 Fan Xin
fan.xin@jp.fujitsu.com