~alpine/aports

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch

[alpine-aports] [PATCH v2] main/openssl: fix for CVE-2016-2180

Daniel Sabogal <dsabogalcc@gmail.com>
Details
Message ID
<20160903012432.21534-1-dsabogalcc@gmail.com>
Sender timestamp
1472865872
DKIM signature
missing
Download raw message
Patch: +46 -4
---
 main/openssl/APKBUILD            | 12 ++++++++----
 main/openssl/CVE-2016-2180.patch | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 main/openssl/CVE-2016-2180.patch

diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index 90e8986..81159a8 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.0.2h
pkgrel=1
pkgrel=2
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url="http://openssl.org"
depends=
@@ -29,6 +29,7 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
	1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
	CVE-2016-2177.patch
	CVE-2016-2178.patch
	CVE-2016-2180.patch
	"

_builddir="$srcdir"/$pkgname-$pkgver
@@ -130,7 +131,8 @@ ed6e779e9799aeb7e029929a5719e631  0005-fix-parallel-build.patch
aa16c89b283faf0fe546e3f897279c44  1002-backport-changes-from-upstream-padlock-module.patch
57cca845e22c178c3b317010be56edf0  1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
1accc0880b6e95726ea9f668808cd8ba  CVE-2016-2177.patch
5c8e962b3d7e0082c1af432f6d0ad221  CVE-2016-2178.patch"
5c8e962b3d7e0082c1af432f6d0ad221  CVE-2016-2178.patch
6d2276c87a17ae8615b47a1dea306d41  CVE-2016-2180.patch"
sha256sums="1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919  openssl-1.0.2h.tar.gz
b449fb998b5f60a3a1779ac2f432b2c7f08ae52fc6dfa98bca37d735f863d400  0002-busybox-basename.patch
c3e6a9710726dac72e3eeffd78961d3bae67a480f6bde7890e066547da25cdfd  0003-use-termios.patch
@@ -145,7 +147,8 @@ fa2e3101ca7c6daed7ea063860d586424be7590b1cec4302bc2beee1a3c6039f  0010-ssl-env-z
aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260  1002-backport-changes-from-upstream-padlock-module.patch
c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea  1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
e321860623758c8a98b15dfa0b4671244e2cff34b5c62a489c43437d1053ed06  CVE-2016-2177.patch
7abe837d39953d0c0f694013a54f444e6f9ca0db8b98ca8aaf1d58683086784e  CVE-2016-2178.patch"
7abe837d39953d0c0f694013a54f444e6f9ca0db8b98ca8aaf1d58683086784e  CVE-2016-2178.patch
fa906541a97bf0dbb1faa600055e28a1515b073f8c2b607edbcbbb53bdd97c99  CVE-2016-2180.patch"
sha512sums="780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303  openssl-1.0.2h.tar.gz
2244f46cb18e6b98f075051dd2446c47f7590abccd108fbab707f168a20cad8d32220d704635973f09e3b2879f523be5160f1ffbc12ab3900f8a8891dc855c5c  0002-busybox-basename.patch
58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4  0003-use-termios.patch
@@ -160,4 +163,5 @@ fc4e383ec85c6543e4e82520904122a5a5601c68042ece1e95a0cae95e02d89174f06f78ba2f8aac
a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389  1002-backport-changes-from-upstream-padlock-module.patch
6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc  1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
6e149213d1c4cbab06e0aedeb04562f96c1430e6e8f9b9836ff4ddd79da361db2bcfbdf83f6615369e8feaaefecfc0dc5f9cee3b56c2eeeca57233a2daf25d2c  CVE-2016-2177.patch
9a90ee6b6329dea17a70c6cd62fbf349289b4beab74137adc2448c54652501c2ff47694b9154da6e610e8b947ff2070e0460fe2754b62301a6a439e16eb6fd1b  CVE-2016-2178.patch"
9a90ee6b6329dea17a70c6cd62fbf349289b4beab74137adc2448c54652501c2ff47694b9154da6e610e8b947ff2070e0460fe2754b62301a6a439e16eb6fd1b  CVE-2016-2178.patch
6c330a4a204311b21c0319de4fae7ff99819d462313cb36b4486d3e322d1d7c6393392308ff6c9f7b5a7c070584be46de232a940626ff979db88656299c87d48  CVE-2016-2180.patch"
diff --git a/main/openssl/CVE-2016-2180.patch b/main/openssl/CVE-2016-2180.patch
new file mode 100644
index 0000000..4974b6d
--- /dev/null
+++ b/main/openssl/CVE-2016-2180.patch
@@ -0,0 +1,38 @@
From 0ed26acce328ec16a3aa635f1ca37365e8c7403a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Thu, 21 Jul 2016 15:24:16 +0100
Subject: [PATCH] Fix OOB read in TS_OBJ_print_bio().

TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text reprsentation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell <matt@openssl.org>
---
 crypto/ts/ts_lib.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
index bde1bd7..e18f1f3 100644
--- a/crypto/ts/ts_lib.c
+++ b/crypto/ts/ts_lib.c
@@ -40,9 +40,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
 {
     char obj_txt[128];
 
-    int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
-    BIO_write(bio, obj_txt, len);
-    BIO_write(bio, "\n", 1);
+    OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+    BIO_printf(bio, "%s\n", obj_txt);
 
     return 1;
 }
-- 
2.9.3

-- 
2.9.3



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)