From dae4fe99ae19e870313b285bfac6b743c21b4d68 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 23 May 2024 10:02:03 +0300 Subject: [PATCH] Import from CS git --- ...th-high-compression-ratio_rhel#28697.patch | 74 +++++++++++++++++++ ...er-of-iterations-for-PBES_rhel#23038.patch | 44 +++++++++++ SPECS/python-jwcrypto.spec | 12 ++- 3 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 SOURCES/0001-Address-potential-DoS-with-high-compression-ratio_rhel#28697.patch create mode 100644 SOURCES/0002-Limit-number-of-iterations-for-PBES_rhel#23038.patch diff --git a/SOURCES/0001-Address-potential-DoS-with-high-compression-ratio_rhel#28697.patch b/SOURCES/0001-Address-potential-DoS-with-high-compression-ratio_rhel#28697.patch new file mode 100644 index 0000000..03d0276 --- /dev/null +++ b/SOURCES/0001-Address-potential-DoS-with-high-compression-ratio_rhel#28697.patch @@ -0,0 +1,74 @@ +From 90477a3b6e73da69740e00b8161f53fea19b831f Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Tue, 5 Mar 2024 16:57:17 -0500 +Subject: [PATCH] Address potential DoS with high compression ratio + +Fixes CVE-2024-28102 + +Signed-off-by: Simo Sorce +--- + jwcrypto/jwe.py | 7 +++++++ + jwcrypto/tests.py | 26 ++++++++++++++++++++++++++ + 2 files changed, 33 insertions(+) + +diff --git a/jwcrypto/jwe.py b/jwcrypto/jwe.py +index 9412881..5df500b 100644 +--- a/jwcrypto/jwe.py ++++ b/jwcrypto/jwe.py +@@ -9,5 +10,8 @@ + from jwcrypto.jwa import JWA + ++# Limit the amount of data we are willing to decompress by default. ++default_max_compressed_size = 256 * 1024 ++ + + # RFC 7516 - 4.1 + # name: (description, supported?) +@@ -374,6 +374,10 @@ def _decrypt(self, key, ppe): + + compress = jh.get('zip', None) + if compress == 'DEF': ++ if len(data) > default_max_compressed_size: ++ raise InvalidJWEData( ++ 'Compressed data exceeds maximum allowed' ++ 'size' + f' ({default_max_compressed_size})') + self.plaintext = zlib.decompress(data, -zlib.MAX_WBITS) + elif compress is None: + self.plaintext = data +diff --git a/jwcrypto/tests.py b/jwcrypto/tests.py +index bb2ff10..59049f8 100644 +--- a/jwcrypto/tests.py ++++ b/jwcrypto/tests.py +@@ -1196,6 +1196,32 @@ def test_pbes2_hs256_aeskw_custom_params(self): + check.deserialize(enc, key) + self.assertEqual(b'plain', check.payload) + ++ def test_jwe_decompression_max(self): ++ key = jwk.JWK(kty='oct', k=base64url_encode(b'A' * (128 // 8))) ++ payload = '{"u": "' + "u" * 400000000 + '", "uu":"' \ ++ + "u" * 400000000 + '"}' ++ protected_header = { ++ "alg": "A128KW", ++ "enc": "A128GCM", ++ "typ": "JWE", ++ "zip": "DEF", ++ } ++ enc = jwe.JWE(payload.encode('utf-8'), ++ recipient=key, ++ protected=protected_header).serialize(compact=True) ++ with self.assertRaises(jwe.InvalidJWEData): ++ check = jwe.JWE() ++ check.deserialize(enc) ++ check.decrypt(key) ++ ++ defmax = jwe.default_max_compressed_size ++ jwe.default_max_compressed_size = 1000000000 ++ # ensure we can eraise the limit and decrypt ++ check = jwe.JWE() ++ check.deserialize(enc) ++ check.decrypt(key) ++ jwe.default_max_compressed_size = defmax ++ + + class JWATests(unittest.TestCase): + def test_jwa_create(self): diff --git a/SOURCES/0002-Limit-number-of-iterations-for-PBES_rhel#23038.patch b/SOURCES/0002-Limit-number-of-iterations-for-PBES_rhel#23038.patch new file mode 100644 index 0000000..244f3e7 --- /dev/null +++ b/SOURCES/0002-Limit-number-of-iterations-for-PBES_rhel#23038.patch @@ -0,0 +1,44 @@ +From d2655d370586cb830e49acfb450f87598da60be8 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Thu, 7 Dec 2023 12:49:07 -0500 +Subject: [PATCH] Fix potential DoS issue with p2c header + +Unbounded p2c headers may be used to cause an application that accept +PBES algorithms to spend alot of resources running PBKDF2 with a very +high number of iterations. + +Clamp the default maximum to 16384 (double the default of 8192). +An application that wants to use more iterations will have to chenge the +jwa default max. + +Fixes CVE-2023-6681 + +Signed-off-by: Simo Sorce +--- + jwcrypto/jwa.py | 5 +++++ + jwcrypto/tests.py | 12 ++++++++++++ + 2 files changed, 17 insertions(+) + +diff --git a/jwcrypto/jwa.py b/jwcrypto/jwa.py +index de7a79f..ca4568e 100644 +--- a/jwcrypto/jwa.py ++++ b/jwcrypto/jwa.py +@@ -29,6 +29,8 @@ + + # Implements RFC 7518 - JSON Web Algorithms (JWA) + ++default_max_pbkdf2_iterations = 16384 ++ + + @six.add_metaclass(abc.ABCMeta) + class JWAAlgorithm(object): +@@ -588,6 +590,9 @@ def __init__(self): + self.aeskwmap = {128: _A128KW, 192: _A192KW, 256: _A256KW} + + def _get_key(self, alg, key, p2s, p2c): ++ if p2c > default_max_pbkdf2_iterations: ++ raise ValueError('Invalid p2c value, too large') ++ + if isinstance(key, bytes): + plain = key + else: diff --git a/SPECS/python-jwcrypto.spec b/SPECS/python-jwcrypto.spec index c772b96..4c4e9cd 100644 --- a/SPECS/python-jwcrypto.spec +++ b/SPECS/python-jwcrypto.spec @@ -16,13 +16,16 @@ Name: python-%{srcname} Version: 0.5.0 -Release: 1.1%{?dist} +Release: 2%{?dist} Summary: Implements JWK, JWS, JWE specifications using python-cryptography License: LGPLv3+ URL: https://github.com/latchset/%{srcname} Source0: https://github.com/latchset/%{srcname}/releases/download/v%{version}/%{srcname}-%{version}.tar.gz +Patch1: 0001-Address-potential-DoS-with-high-compression-ratio_rhel#28697.patch +Patch2: 0002-Limit-number-of-iterations-for-PBES_rhel#23038.patch + BuildArch: noarch %if %{with python2} BuildRequires: python2-devel @@ -64,6 +67,7 @@ Implements JWK, JWS, JWE specifications using python-cryptography %prep %setup -q -n %{srcname}-%{version} +%autopatch -p 1 %build %if %{with python2} @@ -114,6 +118,12 @@ rm -rf %{buildroot}/usr/share/doc/jwcrypto %changelog +* Mon Apr 15 2024 Rafael Jeffman - 0.5.0-2 +- Address potential DoS with high compression ratio + Resolves: RHEL-28697 +- Limit number of iterations for PBES + Resolves: RHEL-23036 RHEL-23037 + * Fri Jun 17 2022 Christian Heimes - 0.5.0-1.1 - Bump dist to solve version sorting issue, fixes RHBZ#2097800