[bouncycastle] 04/07: Apply CVE-2017-13098.patch and fix CVE-2017-13098.

Markus Koschany apo at moszumanska.debian.org
Sun Dec 17 20:50:50 UTC 2017 

This is an automated email from the git hooks/post-receive script.

apo pushed a commit to branch master
in repository bouncycastle.

commit e21813f6dff60bdf67e6379e732dca8683ad2580
Author: Markus Koschany <apo at debian.org>
Date:   Sun Dec 17 20:31:36 2017 +0100

    Apply CVE-2017-13098.patch and fix CVE-2017-13098.
    
    Closes: #884241
    Thanks: Salvatore Bonaccorso for the report.
---
 debian/patches/CVE-2017-13098.patch | 26 ++++++++++++++++++++++++++
 debian/patches/series               |  1 +
 2 files changed, 27 insertions(+)

diff --git a/debian/patches/CVE-2017-13098.patch b/debian/patches/CVE-2017-13098.patch
new file mode 100644
index 0000000..2ec65b0
--- /dev/null
+++ b/debian/patches/CVE-2017-13098.patch
@@ -0,0 +1,26 @@
+From a00b684465b38d722ca9a3543b8af8568e6bad5c Mon Sep 17 00:00:00 2001
+From: Peter Dettman <peter.dettman at bouncycastle.org>
+Date: Tue, 12 Dec 2017 08:41:43 +0700
+Subject: [PATCH] Confirm size of decrypted PMS before using
+
+---
+ .../tls/crypto/impl/jcajce/JceDefaultTlsCredentialedDecryptor.java  | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceDefaultTlsCredentialedDecryptor.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceDefaultTlsCredentialedDecryptor.java
+index c4ab53206..cea1df8b9 100644
+--- a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceDefaultTlsCredentialedDecryptor.java
++++ b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceDefaultTlsCredentialedDecryptor.java
+@@ -97,7 +97,11 @@ protected TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters cryptoParams,
+         {
+             Cipher c = crypto.createRSAEncryptionCipher();
+             c.init(Cipher.DECRYPT_MODE, rsaServerPrivateKey);
+-            M = c.doFinal(encryptedPreMasterSecret);
++            byte[] m = c.doFinal(encryptedPreMasterSecret);
++            if (m != null && m.length == 48)
++            {
++                M = m;
++            }
+         }
+         catch (Exception e)
+         {
diff --git a/debian/patches/series b/debian/patches/series
index 9a5b0b8..a4c71d2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 02_index.patch
 fix-encoding.patch
 backward-compatibility.patch
+CVE-2017-13098.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/bouncycastle.git

More information about the pkg-java-commits mailing list