rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)

Browse Source 
- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)
- add alpha sub-archs (#296031)
This commit is contained in:
Tomáš Mráz 2007-10-12 12:17:08 +00:00
parent 65e6d90529
commit 873b8d554b
4 changed files with 1479 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openssl-0.9.8b-cve-2007-3108.patch
View File

@ -336,7 +336,7 @@ diff -up openssl-0.9.8b/crypto/bn/bn_mont.c.no-branch openssl-0.9.8b/crypto/bn/b
r->neg=a->neg^n->neg; r->neg=a->neg^n->neg;
np=n->d; np=n->d;
@@ -228,37 +228,56 @@ int BN_from_montgomery(BIGNUM *ret, cons @@ -228,37 +228,58 @@ int BN_from_montgomery(BIGNUM *ret, cons
} }
bn_correct_top(r); bn_correct_top(r);
@ -413,10 +413,12 @@ diff -up openssl-0.9.8b/crypto/bn/bn_mont.c.no-branch openssl-0.9.8b/crypto/bn/b
-#endif -#endif
+ for (ri+=4; i<ri; i++) + for (ri+=4; i<ri; i++)
+ rp[i]=nrp[i], ap[i]=0; + rp[i]=nrp[i], ap[i]=0;
+ bn_correct_top(r);
+ bn_correct_top(ret);
#else /* !MONT_WORD */ #else /* !MONT_WORD */
BIGNUM *t1,*t2; BIGNUM *t1,*t2;
@@ -276,12 +295,12 @@ int BN_from_montgomery(BIGNUM *ret, cons @@ -276,12 +297,12 @@ int BN_from_montgomery(BIGNUM *ret, cons
if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
if (!BN_add(t2,a,t1)) goto err; if (!BN_add(t2,a,t1)) goto err;
if (!BN_rshift(ret,t2,mont->ri)) goto err; if (!BN_rshift(ret,t2,mont->ri)) goto err;

1429
openssl-0.9.8b-cve-2007-4995.patch Normal file
View File

File diff suppressed because it is too large Load Diff

45
openssl-0.9.8b-cve-2007-5135.patch Normal file
View File

@ -0,0 +1,45 @@
Possible one byte buffer overflow in SSL_get_shared_ciphers.
CVE-2007-5135
diff -up openssl-0.9.8b/ssl/ssl_lib.c.orig openssl-0.9.8b/ssl/ssl_lib.c
--- openssl-0.9.8b/ssl/ssl_lib.c.orig 2007-10-08 10:20:42.000000000 +0200
+++ openssl-0.9.8b/ssl/ssl_lib.c 2007-10-08 17:32:29.000000000 +0200
@@ -1201,7 +1201,6 @@ int SSL_set_cipher_list(SSL *s,const cha
char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
{
char *p;
- const char *cp;
STACK_OF(SSL_CIPHER) *sk;
SSL_CIPHER *c;
int i;
@@ -1214,20 +1213,21 @@ char *SSL_get_shared_ciphers(const SSL *
sk=s->session->ciphers;
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
- /* Decrement for either the ':' or a '\0' */
- len--;
+ int n;
+
c=sk_SSL_CIPHER_value(sk,i);
- for (cp=c->name; *cp; )
+ n=strlen(c->name);
+ if (n+1 > len)
{
- if (len-- <= 0)
- {
- *p='\0';
- return(buf);
- }
- else
- *(p++)= *(cp++);
+ if (p != buf)
+ --p;
+ *p='\0';
+ return buf;
}
+ strcpy(p,c->name);
+ p+=n;
*(p++)=':';
+ len-=n+1;
}
p[-1]='\0';
return(buf);

2
openssl.spec
View File

@ -21,7 +21,7 @@
Summary: The OpenSSL toolkit Summary: The OpenSSL toolkit
Name: openssl Name: openssl
Version: 0.9.8b Version: 0.9.8b
Release: 15%{?dist} Release: 16%{?dist}
Source: openssl-%{version}-usa.tar.bz2 Source: openssl-%{version}-usa.tar.bz2
Source1: hobble-openssl Source1: hobble-openssl
Source2: Makefile.certificate Source2: Makefile.certificate