Random memory override

Resolves: rhbz#2072469
2023-03-17 14:45:56 +01:00 · 2023-03-17 14:45:56 +01:00 · e02a34a658
commit e02a34a658
parent c1ee92ea04
2 changed files with 31 additions and 1 deletions
--- a/0002-check-cjose_get_alloc.patch
+++ b/0002-check-cjose_get_alloc.patch
@ -0,0 +1,25 @@
+commit 54d449473b21e93805070264791e80f84f601b4d
+Author: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
+Date:   Tue Apr 5 20:51:20 2022 +0200
+
+    check result of cek = cjose_get_alloc()(cek_len) in jwe.c
+    
+    see: https://github.com/cisco/cjose/issues/110
+    
+    Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
+
+diff --git a/src/jwe.c b/src/jwe.c
+index 4285097..157ddec 100644
+--- a/src/jwe.c
+++ b/src/jwe.c
+@@ -2064,6 +2064,10 @@ uint8_t *cjose_jwe_decrypt_multi(cjose_jwe_t *jwe, cjose_key_locator key_locator
+         {
+             cek_len = jwe->cek_len;
+             cek = cjose_get_alloc()(cek_len);
+            if (!cek) {
+               CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY);
+               return NULL;
+            }
+             memcpy(cek, jwe->cek, cek_len);
+         }
+         else
--- a/cjose.spec
+++ b/cjose.spec
@ -1,6 +1,6 @@
 Name:           cjose
 Version:        0.6.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        C library implementing the Javascript Object Signing and Encryption (JOSE)

 License:        MIT
@ -8,6 +8,7 @@ URL:            https://github.com/cisco/cjose
 Source0:  	https://github.com/cisco/%{name}/archive/%{version}/%{name}-%{version}.tar.gz

 Patch1: concatkdf.patch
+Patch2: 0002-check-cjose_get_alloc.patch

 BuildRequires:  gcc
 BuildRequires:  doxygen
@ -64,6 +65,10 @@ make check || (cat test/test-suite.log; exit 1)


 %changelog
+* Fri Mar 17 2023 <thalman@redhat.com> - 0.6.1-3
+- Random memory override
+  Resolves: rhbz#2072469
+
 * Thu Aug  2 2018  <jdennis@redhat.com> - 0.6.1-2
 - fix concatkdf big endian architecture problem.
  Upstream issue #77.