fix for CVE-2013-2139

This commit is contained in:
Tom Callaway 2013-12-30 11:53:27 -05:00
parent adec826852
commit f0985f9c77
2 changed files with 54 additions and 1 deletions

View File

@ -0,0 +1,48 @@
diff -up srtp/srtp/srtp.c.CVE20132139 srtp/srtp/srtp.c
--- srtp/srtp/srtp.c.CVE20132139 2013-12-30 11:47:39.477223492 -0500
+++ srtp/srtp/srtp.c 2013-12-30 11:49:44.580162545 -0500
@@ -2045,22 +2045,21 @@ crypto_policy_set_from_profile_for_rtp(c
switch(profile) {
case srtp_profile_aes128_cm_sha1_80:
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_aes128_cm_sha1_32:
- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
+ /* We do not honor the 32-bit auth tag request since
+ * this is not compliant with RFC 3711 */
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_null_sha1_80:
crypto_policy_set_null_cipher_hmac_sha1_80(policy);
- crypto_policy_set_null_cipher_hmac_sha1_80(policy);
break;
case srtp_profile_aes256_cm_sha1_80:
crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
break;
case srtp_profile_aes256_cm_sha1_32:
- crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
+ /* We do not honor the 32-bit auth tag request since
+ * this is not compliant with RFC 3711 */
crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
break;
/* the following profiles are not (yet) supported */
@@ -2082,7 +2081,7 @@ crypto_policy_set_from_profile_for_rtcp(
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_aes128_cm_sha1_32:
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
break;
case srtp_profile_null_sha1_80:
crypto_policy_set_null_cipher_hmac_sha1_80(policy);
@@ -2091,7 +2090,7 @@ crypto_policy_set_from_profile_for_rtcp(
crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
break;
case srtp_profile_aes256_cm_sha1_32:
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
break;
/* the following profiles are not (yet) supported */
case srtp_profile_null_sha1_32:

View File

@ -3,7 +3,7 @@
Name: lib%{shortname}
Version: 1.4.4
Release: 8.%{cvsver}%{?dist}
Release: 9.%{cvsver}%{?dist}
Summary: An implementation of the Secure Real-time Transport Protocol (SRTP)
Group: System Environment/Libraries
License: BSD
@ -20,6 +20,7 @@ Source2: config.h
# Seriously. Who doesn't do shared libs these days?
# And how does Chromium always manage to find these projects and use them?
Patch0: libsrtp-1.4.4-shared.patch
Patch1: libsrtp-1.4.4-CVE20132139.patch
%description
This package provides an implementation of the Secure Real-time
@ -39,6 +40,7 @@ developing applications that use %{name}.
%prep
%setup -q -n %{shortname}
%patch0 -p1 -b .shared
%patch1 -p1 -b .CVE20132139
# Fix end-of-line encoding
sed -i 's/\r//g' doc/draft-irtf-cfrg-icm-00.txt
@ -89,6 +91,9 @@ cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h
%{_libdir}/*.so
%changelog
* Mon Dec 30 2013 Tom Callaway <spot@fedoraproject.org> - 1.4.4-9.20101004cvs
- apply fix for CVE-2013-2139 from https://github.com/cisco/libsrtp/pull/27
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.4-8.20101004cvs
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild