Fix possible DoS translating ASN.1 object identifiers
Resolves: CVE-2023-2650
This commit is contained in:
parent
103d3109dc
commit
df4dd7dd7f
30
0122-CVE-2023-2650.patch
Normal file
30
0122-CVE-2023-2650.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
|
||||||
|
index 01cde00e98..c0e55197a0 100644
|
||||||
|
--- a/crypto/objects/obj_dat.c
|
||||||
|
+++ b/crypto/objects/obj_dat.c
|
||||||
|
@@ -443,6 +443,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
|
||||||
|
first = 1;
|
||||||
|
bl = NULL;
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
|
||||||
|
+ *
|
||||||
|
+ * > 3.5. OBJECT IDENTIFIER values
|
||||||
|
+ * >
|
||||||
|
+ * > An OBJECT IDENTIFIER value is an ordered list of non-negative
|
||||||
|
+ * > numbers. For the SMIv2, each number in the list is referred to as a
|
||||||
|
+ * > sub-identifier, there are at most 128 sub-identifiers in a value,
|
||||||
|
+ * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
|
||||||
|
+ * > decimal).
|
||||||
|
+ *
|
||||||
|
+ * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
|
||||||
|
+ * i.e. 586 bytes long.
|
||||||
|
+ *
|
||||||
|
+ * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
|
||||||
|
+ */
|
||||||
|
+ if (len > 586)
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
while (len > 0) {
|
||||||
|
l = 0;
|
||||||
|
use_bn = 0;
|
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.0.7
|
Version: 3.0.7
|
||||||
Release: 19%{?dist}
|
Release: 20%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -194,6 +194,7 @@ Patch118: 0118-CVE-2023-1255.patch
|
|||||||
Patch120: 0120-RSA-PKCS15-implicit-rejection.patch
|
Patch120: 0120-RSA-PKCS15-implicit-rejection.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2160797
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2160797
|
||||||
Patch121: 0121-FIPS-cms-defaults.patch
|
Patch121: 0121-FIPS-cms-defaults.patch
|
||||||
|
Patch122: 0122-CVE-2023-2650.patch
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -517,6 +518,10 @@ install -m644 %{SOURCE9} \
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue May 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-20
|
||||||
|
- Fix possible DoS translating ASN.1 object identifiers
|
||||||
|
Resolves: CVE-2023-2650
|
||||||
|
|
||||||
* Mon May 22 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-19
|
* Mon May 22 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-19
|
||||||
- Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode
|
- Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode
|
||||||
Resolves: rhbz#2169757
|
Resolves: rhbz#2169757
|
||||||
|
Loading…
Reference in New Issue
Block a user