[Pkg-openssl-changes] r842 - openssl/branches/jessie/debian/patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Fri Sep 23 17:48:38 UTC 2016


Author: kroeckx
Date: 2016-09-23 17:48:38 +0000 (Fri, 23 Sep 2016)
New Revision: 842

Modified:
   openssl/branches/jessie/debian/patches/CVE-2016-2182.patch
Log:
Add missing fix 3612ff6fcec0e3d1f2a598135fe12177c0419582


Modified: openssl/branches/jessie/debian/patches/CVE-2016-2182.patch
===================================================================
--- openssl/branches/jessie/debian/patches/CVE-2016-2182.patch	2016-09-22 19:31:15 UTC (rev 841)
+++ openssl/branches/jessie/debian/patches/CVE-2016-2182.patch	2016-09-23 17:48:38 UTC (rev 842)
@@ -1,32 +1,7 @@
-From 28a89639da50b1caed4ff3015508f23173bf3e49 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve at openssl.org>
-Date: Fri, 5 Aug 2016 14:26:03 +0100
-Subject: [PATCH] Check for errors in BN_bn2dec()
-
-If an oversize BIGNUM is presented to BN_bn2dec() it can cause
-BN_div_word() to fail and not reduce the value of 't' resulting
-in OOB writes to the bn_data buffer and eventually crashing.
-
-Fix by checking return value of BN_div_word() and checking writes
-don't overflow buffer.
-
-Thanks to Shi Lei for reporting this bug.
-
-CVE-2016-2182
-
-Reviewed-by: Tim Hudson <tjh at openssl.org>
-(cherry picked from commit 07bed46f332fce8c1d157689a2cdf915a982ae34)
-
-Conflicts:
-	crypto/bn/bn_print.c
----
- crypto/bn/bn_print.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
-index bfa31ef..b44403e 100644
---- a/crypto/bn/bn_print.c
-+++ b/crypto/bn/bn_print.c
+Index: openssl-1.0.1t/crypto/bn/bn_print.c
+===================================================================
+--- openssl-1.0.1t.orig/crypto/bn/bn_print.c
++++ openssl-1.0.1t/crypto/bn/bn_print.c
 @@ -111,6 +111,7 @@ char *BN_bn2dec(const BIGNUM *a)
      char *p;
      BIGNUM *t = NULL;
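Review bot: Replacing the whole git-format-patch header with a bare `Index:` line in this hunk discards the only record of what the patch is for: the CVE-2016-2182 reference, the description of the BN_div_word() failure that leads to out-of-bounds writes into bn_data, the reporter credit and the upstream commit id 07bed46f332fce8c1d157689a2cdf915a982ae34. The second upstream commit folded in here (3612ff6fcec0e3d1f2a598135fe12177c0419582, named only in the svn log line) is then not recorded anywhere in the patch file either. Suggest keeping a short description block above the `Index:` line, for example:
Description: Check for errors in BN_bn2dec() (CVE-2016-2182)
Origin: upstream, commits 07bed46f332fce8c1d157689a2cdf915a982ae34 and 3612ff6fcec0e3d1f2a598135fe12177c0419582
so the next person touching this patch can see why both changes are there without digging through the repository log.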
@@ -48,18 +23,17 @@
      if ((buf == NULL) || (bn_data == NULL)) {
          BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
          goto err;
-@@ -143,7 +144,11 @@ char *BN_bn2dec(const BIGNUM *a)
-         i = 0;
+@@ -140,9 +141,12 @@ char *BN_bn2dec(const BIGNUM *a)
+         if (BN_is_negative(t))
+             *p++ = '-';
+ 
+-        i = 0;
          while (!BN_is_zero(t)) {
++            if (lp - bn_data >= bn_data_num)
++                goto err;
              *lp = BN_div_word(t, BN_DEC_CONV);
 +            if (*lp == (BN_ULONG)-1)
 +                goto err;
              lp++;
-+            if (lp - bn_data >= bn_data_num)
-+                goto err;
          }
          lp--;
-         /*
--- 
-2.9.3
-
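Review bot: The placement of the `lp - bn_data >= bn_data_num` check is the substantive fix in this hunk, and moving it from after `lp++` to before the `*lp = BN_div_word(...)` store is the right call: with the check after the increment, storing the last digit group into `bn_data[bn_data_num - 1]` leaves `lp - bn_data == bn_data_num`, so the loop jumps to `err` for a value that fits the buffer exactly, whereas the moved check only refuses a store when no slot is actually left. Two things to confirm before merging: the `*lp == (BN_ULONG)-1` check on the BN_div_word() result still follows the store, so both the buffer-full and the division-failure paths reach `err`; and the `-        i = 0;` removal this hunk now carries has no matching change to the declaration of `i` visible here, so verify that `i` is still used elsewhere in BN_bn2dec() in the 1.0.1t tree (otherwise drop the declaration too) to avoid an unused-variable warning. A one-line comment above the bounds check saying why it precedes the write would also help, since the first version of this patch got the ordering wrong.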




More information about the Pkg-openssl-changes mailing list