[Pkg-openssl-changes] r712 - openssl/branches/wheezy/debian/patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Thu Jan 8 21:09:58 UTC 2015


Author: kroeckx
Date: 2015-01-08 21:09:58 +0000 (Thu, 08 Jan 2015)
New Revision: 712

Added:
   openssl/branches/wheezy/debian/patches/0082-Return-error-when-a-bit-string-indicates-an-invalid-.patch
Modified:
   openssl/branches/wheezy/debian/patches/series
Log:
Add missing patch


Added: openssl/branches/wheezy/debian/patches/0082-Return-error-when-a-bit-string-indicates-an-invalid-.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/0082-Return-error-when-a-bit-string-indicates-an-invalid-.patch	                        (rev 0)
+++ openssl/branches/wheezy/debian/patches/0082-Return-error-when-a-bit-string-indicates-an-invalid-.patch	2015-01-08 21:09:58 UTC (rev 712)
@@ -0,0 +1,62 @@
+From 86edf13b1c97526c0cf63c37342aaa01f5442688 Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <kurt at roeckx.be>
+Date: Mon, 15 Dec 2014 17:15:16 +0100
+Subject: [PATCH 082/117] Return error when a bit string indicates an invalid
+ amount of bits left
+
+Reviewed-by: Matt Caswell <matt at openssl.org>
+---
+ crypto/asn1/a_bitstr.c | 7 ++++++-
+ crypto/asn1/asn1.h     | 1 +
+ crypto/asn1/asn1_err.c | 1 +
+ 3 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
+index 3417996..4117a67 100644
+--- a/crypto/asn1/a_bitstr.c
++++ b/crypto/asn1/a_bitstr.c
+@@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+ 
+ 	p= *pp;
+ 	i= *(p++);
++	if (i > 7)
++		{
++		i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
++		goto err;
++		}
+ 	/* We do this to preserve the settings.  If we modify
+ 	 * the settings, via the _set_bit function, we will recalculate
+ 	 * on output */
+ 	ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
+-	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
++	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */
+ 
+ 	if (len-- > 1) /* using one because of the bits left byte */
+ 		{
+diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
+index 89a2ad4..672c97f 100644
+--- a/crypto/asn1/asn1.h
++++ b/crypto/asn1/asn1.h
+@@ -1329,6 +1329,7 @@ void ERR_load_ASN1_strings(void);
+ #define ASN1_R_ILLEGAL_TIME_VALUE			 184
+ #define ASN1_R_INTEGER_NOT_ASCII_FORMAT			 185
+ #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
++#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT		 220
+ #define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
+ #define ASN1_R_INVALID_DIGIT				 130
+ #define ASN1_R_INVALID_MIME_TYPE			 205
+diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
+index 73686de..568a841 100644
+--- a/crypto/asn1/asn1_err.c
++++ b/crypto/asn1/asn1_err.c
+@@ -246,6 +246,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
+ {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE)   ,"illegal time value"},
+ {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
+ {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
++{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
+ {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
+ {ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
+ {ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
+-- 
+2.1.4
+
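Review bot: A non-zero unused-bits octet is still accepted when it is the only content octet. The added `if (i > 7)` guard in c2i_ASN1_BIT_STRING bounds the value, but the visible `if (len-- > 1)` merely skips the copy in that case, while X.690 requires the initial octet of an empty BIT STRING to be zero. Consider extending the guard to `if (i > 7 || (len == 1 && i != 0))`, provided rejecting such encodings is acceptable for existing callers. With the `&0x07` mask removed, this bound check is the only thing keeping stray bits out of `ret->flags`, so it relies on `i` never being negative; the declarations of `i` and `p` are outside the hunk, so confirm `p` is an `unsigned char` pointer. The function starts and ends outside the hunk, including the `err:` label and any `len < 1` check that must precede `*(p++)`.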

Modified: openssl/branches/wheezy/debian/patches/series
===================================================================
--- openssl/branches/wheezy/debian/patches/series	2015-01-08 21:03:11 UTC (rev 711)
+++ openssl/branches/wheezy/debian/patches/series	2015-01-08 21:09:58 UTC (rev 712)
@@ -74,6 +74,7 @@
 Fix-no-ssl3-configuration-option.patch
 #disable_sslv3.patch
 Keep-old-method-in-case-of-an-unsupported-protocol.patch
+0082-Return-error-when-a-bit-string-indicates-an-invalid-.patch
 0094-Fix-various-certificate-fingerprint-issues.patch
 0095-Constify-ASN1_TYPE_cmp-add-X509_ALGOR_cmp.patch
 0098-ECDH-downgrade-bug-fix.patch



