author | Craig Mohrman <craig.mohrman@oracle.com> |
Fri, 03 Apr 2015 10:20:02 -0700 | |
changeset 4050 | 253de46fd78c |
permissions | -rw-r--r-- |
4050
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
1 |
This patch fixes CVE-2013-0308. |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
2 |
It was created from a diff between the version 1.8.1.4 of this file |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
3 |
from the community and the current one. The only changes to this file |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
4 |
are for addressing this CVE. |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
5 |
Here is the community diff: |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
6 |
https://github.com/gitster/git/commit/0ee7198f457c8ea031b09b528cfd88f0f0e630d8 |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
7 |
|
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
8 |
--- git-1.7.9.2/imap-send.c_orig 2012-02-22 18:04:18.000000000 -0800 |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
9 |
+++ git-1.7.9.2/imap-send.c 2015-03-25 12:23:29.465800340 -0700 |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
10 |
@@ -31,6 +31,7 @@ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
11 |
#else |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
12 |
#include <openssl/evp.h> |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
13 |
#include <openssl/hmac.h> |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
14 |
+#include <openssl/x509v3.h> |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
15 |
#endif |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
16 |
|
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
17 |
struct store_conf { |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
18 |
@@ -266,12 +267,64 @@ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
19 |
} |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
20 |
} |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
21 |
|
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
22 |
+#ifdef NO_OPENSSL |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
23 |
static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int verify) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
24 |
{ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
25 |
-#ifdef NO_OPENSSL |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
26 |
fprintf(stderr, "SSL requested but SSL support not compiled in\n"); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
27 |
return -1; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
28 |
+} |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
29 |
+ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
30 |
#else |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
31 |
+ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
32 |
+static int host_matches(const char *host, const char *pattern) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
33 |
+{ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
34 |
+ if (pattern[0] == '*' && pattern[1] == '.') { |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
35 |
+ pattern += 2; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
36 |
+ if (!(host = strchr(host, '.'))) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
37 |
+ return 0; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
38 |
+ host++; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
39 |
+ } |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
40 |
+ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
41 |
+ return *host && *pattern && !strcasecmp(host, pattern); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
42 |
+} |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
43 |
+ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
44 |
+static int verify_hostname(X509 *cert, const char *hostname) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
45 |
+{ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
46 |
+ int len; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
47 |
+ X509_NAME *subj; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
48 |
+ char cname[1000]; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
49 |
+ int i, found; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
50 |
+ STACK_OF(GENERAL_NAME) *subj_alt_names; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
51 |
+ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
52 |
+ /* try the DNS subjectAltNames */ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
53 |
+ found = 0; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
54 |
+ if ((subj_alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL))) { |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
55 |
+ int num_subj_alt_names = sk_GENERAL_NAME_num(subj_alt_names); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
56 |
+ for (i = 0; !found && i < num_subj_alt_names; i++) { |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
57 |
+ GENERAL_NAME *subj_alt_name = sk_GENERAL_NAME_value(subj_alt_names, i); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
58 |
+ if (subj_alt_name->type == GEN_DNS && |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
59 |
+ strlen((const char *)subj_alt_name->d.ia5->data) == (size_t)subj_alt_name->d.ia5->length && |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
60 |
+ host_matches(hostname, (const char *)(subj_alt_name->d.ia5->data))) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
61 |
+ found = 1; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
62 |
+ } |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
63 |
+ sk_GENERAL_NAME_pop_free(subj_alt_names, GENERAL_NAME_free); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
64 |
+ } |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
65 |
+ if (found) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
66 |
+ return 0; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
67 |
+ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
68 |
+ /* try the common name */ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
69 |
+ if (!(subj = X509_get_subject_name(cert))) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
70 |
+ return error("cannot get certificate subject"); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
71 |
+ if ((len = X509_NAME_get_text_by_NID(subj, NID_commonName, cname, sizeof(cname))) < 0) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
72 |
+ return error("cannot get certificate common name"); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
73 |
+ if (strlen(cname) == (size_t)len && host_matches(hostname, cname)) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
74 |
+ return 0; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
75 |
+ return error("certificate owner '%s' does not match hostname '%s'", |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
76 |
+ cname, hostname); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
77 |
+} |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
78 |
+ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
79 |
+static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int verify) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
80 |
+{ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
81 |
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
82 |
const SSL_METHOD *meth; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
83 |
#else |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
84 |
@@ -279,6 +332,7 @@ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
85 |
#endif |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
86 |
SSL_CTX *ctx; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
87 |
int ret; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
88 |
+ X509 *cert; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
89 |
|
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
90 |
SSL_library_init(); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
91 |
SSL_load_error_strings(); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
92 |
@@ -322,9 +376,18 @@ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
93 |
return -1; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
94 |
} |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
95 |
|
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
96 |
+ if (verify) { |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
97 |
+ /* make sure the hostname matches that of the certificate */ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
98 |
+ cert = SSL_get_peer_certificate(sock->ssl); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
99 |
+ if (!cert) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
100 |
+ return error("unable to get peer certificate."); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
101 |
+ if (verify_hostname(cert, server.host) < 0) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
102 |
+ return -1; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
103 |
+ } |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
104 |
+ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
105 |
return 0; |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
106 |
-#endif |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
107 |
} |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
108 |
+#endif |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
109 |
|
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
110 |
static int socket_read(struct imap_socket *sock, char *buf, int len) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
111 |
{ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
112 |
@@ -1022,7 +1085,7 @@ |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
113 |
|
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
114 |
ret = socket_write(&ctx->imap->buf.sock, response, strlen(response)); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
115 |
if (ret != strlen(response)) |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
116 |
- return error("IMAP error: sending response failed\n"); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
117 |
+ return error("IMAP error: sending response failed"); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
118 |
|
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
119 |
free(response); |
253de46fd78c
20761309 problem in UTILITY/GIT
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
120 |