Security fix for CVE-2023-23931

Resolves: rhbz#2157705
2023-02-20 19:25:02 +01:00 · 2023-02-20 19:25:02 +01:00 · b8a96b9d42
commit b8a96b9d42
parent 9f5f27800b
2 changed files with 54 additions and 1 deletions
--- a/CVE-2023-23931.patch
+++ b/CVE-2023-23931.patch
@ -0,0 +1,45 @@
+From 3914106b613ad4f5f27a2d1b3fc8fc2efb41dec6 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Tue, 31 Jan 2023 08:33:54 -0500
+Subject: [PATCH] Don't allow update_into to mutate immutable objects
+
+---
+ src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
+ tests/hazmat/primitives/test_ciphers.py             | 8 ++++++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
+index 1058de9..17abd3a 100644
+--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
+@@ -157,7 +157,7 @@ class _CipherContext:
+         data_processed = 0
+         total_out = 0
+         outlen = self._backend._ffi.new("int *")
+-        baseoutbuf = self._backend._ffi.from_buffer(buf)
+        baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True)
+         baseinbuf = self._backend._ffi.from_buffer(data)
+ 
+         while data_processed != total_data_len:
+diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
+index 02127dd..bf3b047 100644
+--- a/tests/hazmat/primitives/test_ciphers.py
+++ b/tests/hazmat/primitives/test_ciphers.py
+@@ -318,6 +318,14 @@ class TestCipherUpdateInto:
+         with pytest.raises(ValueError):
+             encryptor.update_into(b"testing", buf)
+ 
+    def test_update_into_immutable(self, backend):
+        key = b"\x00" * 16
+        c = ciphers.Cipher(AES(key), modes.ECB(), backend)
+        encryptor = c.encryptor()
+        buf = b"\x00" * 32
+        with pytest.raises((TypeError, BufferError)):
+            encryptor.update_into(b"testing", buf)
+
+     @pytest.mark.supported(
+         only_if=lambda backend: backend.cipher_supported(
+             AES(b"\x00" * 16), modes.GCM(b"\x00" * 12)
+-- 
+2.39.1
+
--- a/python3.11-cryptography.spec
+++ b/python3.11-cryptography.spec
@ -8,7 +8,7 @@

 Name:           python%{python3_pkgversion}-%{srcname}
 Version:        37.0.2
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        PyCA's cryptography library

 # We bundle various crates with cryptography which is dual licensed
@ -63,6 +63,11 @@ Source0:        https://github.com/pyca/cryptography/archive/%{version}/%{srcnam
 Source1:        cryptography-%{version}-vendor.tar.bz2
 Source2:        conftest-skipper.py

+# Security fix for CVE-2023-23931: memory corruption via immutable objects
+# Bugzilla tracker: https://bugzilla.redhat.com/show_bug.cgi?id=2171817
+# Resolved upstream: https://github.com/pyca/cryptography/commit/94a50a9731f35405f0357fa5f3b177d46a726ab3
+Patch0:         CVE-2023-23931.patch
+
 ExclusiveArch:  %{rust_arches}

 BuildRequires:  openssl-devel
@ -205,6 +210,9 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
 %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info

 %changelog
+* Mon Feb 20 2023 Charalampos Stratakis <cstratak@redhat.com> - 37.0.2-4
+- Security fix for CVE-2023-23931
+
 * Tue Feb 14 2023 Charalampos Stratakis <cstratak@redhat.com> - 37.0.2-3
 - Rebuild for gating