[Pkg-openssl-changes] r758 - in openssl/branches/squeeze/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Dec 3 17:44:02 UTC 2015
Author: kroeckx
Date: 2015-12-03 17:44:02 +0000 (Thu, 03 Dec 2015)
New Revision: 758
Added:
openssl/branches/squeeze/debian/patches/CVE-2015-3195.patch
Modified:
openssl/branches/squeeze/debian/changelog
openssl/branches/squeeze/debian/patches/series
Log:
Fix CVE-2015-3195
Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/branches/squeeze/debian/changelog 2015-12-03 17:42:26 UTC (rev 757)
+++ openssl/branches/squeeze/debian/changelog 2015-12-03 17:44:02 UTC (rev 758)
@@ -1,3 +1,9 @@
+openssl (0.9.8o-4squeeze22) squeeze-lts; urgency=medium
+
+ * Fix CVE-2015-3195
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 03 Dec 2015 18:43:36 +0100
+
openssl (0.9.8o-4squeeze21) squeeze-lts; urgency=medium
* Fix CVE-2015-1791
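Review bot: the new changelog stanza for 0.9.8o-4squeeze22 says only "Fix CVE-2015-3195", which tells an admin reading the changelog nothing about impact. Suggest adding a line drawn from the upstream commit message carried in this same revision, for example that this is a memory leak when parsing PKCS#7 or CMS structures, and naming the patch file (CVE-2015-3195.patch) that carries the fix.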
Added: openssl/branches/squeeze/debian/patches/CVE-2015-3195.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2015-3195.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/CVE-2015-3195.patch 2015-12-03 17:44:02 UTC (rev 758)
@@ -0,0 +1,55 @@
+From 7c13530c14867bc09d478b30148884aa16891e15 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Tue, 10 Nov 2015 19:03:07 +0000
+Subject: [PATCH 1/2] Fix leak with ASN.1 combine.
+
+When parsing a combined structure pass a flag to the decode routine
+so on error a pointer to the parent structure is not zeroed as
+this will leak any additional components in the parent.
+
+This can leak memory in any application parsing PKCS#7 or CMS structures.
+
+CVE-2015-3195.
+
+Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
+libFuzzer.
+
+PR#4131
+
+Reviewed-by: Richard Levitte <levitte at openssl.org>
+---
+ crypto/asn1/tasn_dec.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+Index: openssl-1.0.1k/crypto/asn1/tasn_dec.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/asn1/tasn_dec.c
++++ openssl-1.0.1k/crypto/asn1/tasn_dec.c
+@@ -169,6 +169,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
+ int otag;
+ int ret = 0;
+ ASN1_VALUE **pchptr, *ptmpval;
++ int combine = aclass & ASN1_TFLG_COMBINE;
++ aclass &= ~ASN1_TFLG_COMBINE;
+ if (!pval)
+ return 0;
+ if (aux && aux->asn1_cb)
+@@ -534,7 +536,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
+ auxerr:
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+ err:
+- ASN1_item_ex_free(pval, it);
++ if (combine == 0)
++ ASN1_item_ex_free(pval, it);
+ if (errtt)
+ ERR_add_error_data(4, "Field=", errtt->field_name,
+ ", Type=", it->sname);
+@@ -762,7 +765,7 @@ static int asn1_template_noexp_d2i(ASN1_
+ {
+ /* Nothing special */
+ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+- -1, 0, opt, ctx);
++ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
+ if (!ret)
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
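Review bot: the Index and ---/+++ headers inside the added patch name openssl-1.0.1k/crypto/asn1/tasn_dec.c, while the changelog in this revision is for 0.9.8o-4squeeze22, so the patch appears to have been carried over from a 1.0.1k tree without a refresh. Please refresh it against the 0.9.8o source so the hunk positions (169, 534, 762) and context lines are known to match rather than applying with offsets or fuzz. The subject also reads "[PATCH 1/2]"; a line in the patch header saying whether 2/2 is needed for squeeze or is deliberately left out would help the next person who touches this. Finally, a short comment at `int combine = aclass & ASN1_TFLG_COMBINE;` noting that aclass is being used to carry a template flag, which is masked off before aclass is used as a class, would make the `if (combine == 0)` guard at err: easier to follow.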
Modified: openssl/branches/squeeze/debian/patches/series
===================================================================
--- openssl/branches/squeeze/debian/patches/series 2015-12-03 17:42:26 UTC (rev 757)
+++ openssl/branches/squeeze/debian/patches/series 2015-12-03 17:44:02 UTC (rev 758)
@@ -87,3 +87,4 @@
CVE-2015-1792.patch
CVE-2015-1791.patch
CVE-2015-1790.patch
+CVE-2015-3195.patch