CVE-2022-1292 openssl: c_rehash script allows command injection
Resolves: rhbz#2090362
This commit is contained in:
parent
a63915eb2b
commit
794d81540e
58
0065-CVE-2022-1292.patch
Normal file
58
0065-CVE-2022-1292.patch
Normal file
@ -0,0 +1,58 @@
|
|||||||
|
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
|
||||||
|
index d51d8856d7..a630773a02 100644
|
||||||
|
--- a/tools/c_rehash.in
|
||||||
|
+++ b/tools/c_rehash.in
|
||||||
|
@@ -152,6 +152,23 @@ sub check_file {
|
||||||
|
return ($is_cert, $is_crl);
|
||||||
|
}
|
||||||
|
|
||||||
|
+sub compute_hash {
|
||||||
|
+ my $fh;
|
||||||
|
+ if ( $^O eq "VMS" ) {
|
||||||
|
+ # VMS uses the open through shell
|
||||||
|
+ # The file names are safe there and list form is unsupported
|
||||||
|
+ if (!open($fh, "-|", join(' ', @_))) {
|
||||||
|
+ print STDERR "Cannot compute hash on '$fname'\n";
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ if (!open($fh, "-|", @_)) {
|
||||||
|
+ print STDERR "Cannot compute hash on '$fname'\n";
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return (<$fh>, <$fh>);
|
||||||
|
+}
|
||||||
|
|
||||||
|
# Link a certificate to its subject name hash value, each hash is of
|
||||||
|
# the form <hash>.<n> where n is an integer. If the hash value already exists
|
||||||
|
@@ -161,10 +178,12 @@ sub check_file {
|
||||||
|
|
||||||
|
sub link_hash_cert {
|
||||||
|
my $fname = $_[0];
|
||||||
|
- $fname =~ s/\"/\\\"/g;
|
||||||
|
- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
|
||||||
|
+ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
|
||||||
|
+ "-fingerprint", "-noout",
|
||||||
|
+ "-in", $fname);
|
||||||
|
chomp $hash;
|
||||||
|
chomp $fprint;
|
||||||
|
+ return if !$hash;
|
||||||
|
$fprint =~ s/^.*=//;
|
||||||
|
$fprint =~ tr/://d;
|
||||||
|
my $suffix = 0;
|
||||||
|
@@ -202,10 +221,12 @@ sub link_hash_cert {
|
||||||
|
|
||||||
|
sub link_hash_crl {
|
||||||
|
my $fname = $_[0];
|
||||||
|
- $fname =~ s/'/'\\''/g;
|
||||||
|
- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
|
||||||
|
+ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
|
||||||
|
+ "-fingerprint", "-noout",
|
||||||
|
+ "-in", $fname);
|
||||||
|
chomp $hash;
|
||||||
|
chomp $fprint;
|
||||||
|
+ return if !$hash;
|
||||||
|
$fprint =~ s/^.*=//;
|
||||||
|
$fprint =~ tr/://d;
|
||||||
|
my $suffix = 0;
|
@ -123,7 +123,8 @@ Patch62: 0062-Disable-EVP_PKEY_-sign-verify-in-FIPS-provider.patch
|
|||||||
Patch63: 0063-CVE-2022-1473.patch
|
Patch63: 0063-CVE-2022-1473.patch
|
||||||
# upstream commits 55c80c222293a972587004c185dc5653ae207a0e 2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
|
# upstream commits 55c80c222293a972587004c185dc5653ae207a0e 2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
|
||||||
Patch64: 0064-CVE-2022-1343.diff
|
Patch64: 0064-CVE-2022-1343.diff
|
||||||
|
# upstream commit 1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
|
||||||
|
Patch65: 0065-CVE-2022-1292.patch
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -460,6 +461,8 @@ install -m644 %{SOURCE9} \
|
|||||||
- CVE-2022-1343 openssl: Signer certificate verification returned
|
- CVE-2022-1343 openssl: Signer certificate verification returned
|
||||||
inaccurate response when using OCSP_NOCHECKS
|
inaccurate response when using OCSP_NOCHECKS
|
||||||
- Resolves: rhbz#2087911
|
- Resolves: rhbz#2087911
|
||||||
|
- CVE-2022-1292 openssl: c_rehash script allows command injection
|
||||||
|
- Resolves: rhbz#2090362
|
||||||
|
|
||||||
* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32
|
* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32
|
||||||
- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
|
- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
|
||||||
|
Loading…
Reference in New Issue
Block a user