rpms/qt5-qtbase
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Don't allow remote attacker to bypass security restrictions caused by

Browse Source 
flaw in certificate validation (CVE-2023-34410) (version #2)

Resolves: bz#2212754
This commit is contained in:
Jan Grulich 2023-06-09 13:38:08 +02:00
parent c64d896b79
commit e7496ce04f
2 changed files with 33 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
CVE-2023-34410-qtbase-5.15.patch
View File

@ -1,11 +1,11 @@
diff --git a/src/network/ssl/qsslsocket_schannel.cpp b/src/network/ssl/qsslsocket_schannel.cpp
index c956ce3c..86381886 100644
--- a/src/network/ssl/qsslsocket_schannel.cpp --- a/src/network/ssl/qsslsocket_schannel.cpp
+++ b/src/network/ssl/qsslsocket_schannel.cpp +++ b/src/network/ssl/qsslsocket_schannel.cpp
@@ -1880,6 +1880,26 @@ bool QSslSocketBackendPrivate::verifyCertContext(CERT_CONTEXT *certContext) @@ -1880,6 +1880,28 @@ bool QSslSocketBackendPrivate::verifyCertContext(CERT_CONTEXT *certContext)
if (configuration.peerVerifyDepth > 0 && DWORD(configuration.peerVerifyDepth) < verifyDepth) if (configuration.peerVerifyDepth > 0 && DWORD(configuration.peerVerifyDepth) < verifyDepth)
verifyDepth = DWORD(configuration.peerVerifyDepth); verifyDepth = DWORD(configuration.peerVerifyDepth);
+ const auto &caCertificates = q->sslConfiguration().caCertificates();
+
+ if (!rootCertOnDemandLoadingAllowed() + if (!rootCertOnDemandLoadingAllowed()
+ && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN) + && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
+ && (q->peerVerifyMode() == QSslSocket::VerifyPeer + && (q->peerVerifyMode() == QSslSocket::VerifyPeer
@ -29,3 +29,26 @@ index c956ce3c..86381886 100644
for (DWORD i = 0; i < verifyDepth; i++) { for (DWORD i = 0; i < verifyDepth; i++) {
CERT_CHAIN_ELEMENT *element = chain->rgpElement[i]; CERT_CHAIN_ELEMENT *element = chain->rgpElement[i];
QSslCertificate certificate = getCertificateFromChainElement(element); QSslCertificate certificate = getCertificateFromChainElement(element);
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate()
, flushTriggered(false)
{
QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
+ // If the global configuration doesn't allow root certificates to be loaded
+ // on demand then we have to disable it for this socket as well.
+ if (!configuration.allowRootCertOnDemandLoading)
+ allowRootCertOnDemandLoading = false;
}
/*!
@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
ptr->sessionProtocol = global->sessionProtocol;
ptr->ciphers = global->ciphers;
ptr->caCertificates = global->caCertificates;
+ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
ptr->protocol = global->protocol;
ptr->peerVerifyMode = global->peerVerifyMode;
ptr->peerVerifyDepth = global->peerVerifyDepth;

7
qt5-qtbase.spec
View File

@ -57,7 +57,7 @@ BuildRequires: pkgconfig(libsystemd)
Name: qt5-qtbase Name: qt5-qtbase
Summary: Qt5 - QtBase components Summary: Qt5 - QtBase components
Version: 5.15.9 Version: 5.15.9
Release: 5%{?dist} Release: 6%{?dist}
# See LGPL_EXCEPTIONS.txt, for exception details # See LGPL_EXCEPTIONS.txt, for exception details
@ -1134,6 +1134,11 @@ fi
%changelog %changelog
* Fri Jun 09 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-6
- Don't allow remote attacker to bypass security restrictions caused by
flaw in certificate validation (CVE-2023-34410) (version #2)
Resolves: bz#2212754
* Tue Jun 06 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-5 * Tue Jun 06 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-5
- Don't allow remote attacker to bypass security restrictions caused by - Don't allow remote attacker to bypass security restrictions caused by
flaw in certificate validation (CVE-2023-34410) flaw in certificate validation (CVE-2023-34410)