upstream/oracle/userland-gate: components/libtasn1/patches/libtasn1-07-cve-2015-3622.patch@f499dad29f21 (annotated)

4723 4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	1	Source:
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	2	Internal
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	3
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	4	Info:
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	5	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3622
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	6	The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	7	4.5 allows remote attackers to cause a denial of service (out-of-bounds heap
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	8	read) via a crafted certificate.
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	9
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	10	Status:
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	11	Need to determine if this patch has been sent upstream.
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	12
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	13	--- ORIGINAL/./lib/decoding.c 2015-07-14 19:00:52.376976336 -0700
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	14	+++ libtasn1-2.8/./lib/decoding.c 2015-07-14 19:02:03.790570755 -0700
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	15	@@ -758,6 +758,7 @@
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	16	return ASN1_DER_ERROR;
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	17
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	18	counter = len3 + 1;
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	19	+ DECR_LEN(der_len, len3);
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	20
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	21	if (len2 == -1)
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	22	counter_end = der_len - 2;
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	23	@@ -766,6 +767,7 @@
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	24
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	25	while (counter < counter_end)
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	26	{
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	27	+ DECR_LEN(der_len, 1);
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	28	len2 = asn1_get_length_der (der + counter, der_len, &len3);
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	29
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	30	if (len2 < -1)
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	31	@@ -787,7 +789,6 @@
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	32	DECR_LEN(der_len, len2);
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	33	}
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	34
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	35	- DECR_LEN(der_len, 1);
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	36	counter += len2 + len3 + 1;
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	37	}
4193dfeb0e39 21124729 Move libtasn1 from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	38

author	Jiri Sasek <Jiri.Sasek@Oracle.COM>
	Wed, 27 Jan 2016 18:45:20 -0800
changeset 5398	f499dad29f21
parent 4723	4193dfeb0e39
permissions	-rw-r--r--