[Pkg-swan-devel] [Git][debian/strongswan][stretch-security] 3 commits: d/p/CVE-2018-17540_gmp-pkcs1-overflow added

Yves-Alexis Perez gitlab at salsa.debian.org
Thu Oct 4 20:01:29 BST 2018


Yves-Alexis Perez pushed to branch stretch-security at Debian / strongswan


Commits:
eb7a4796 by Yves-Alexis Perez at 2018-10-01T20:49:48Z
d/p/CVE-2018-17540_gmp-pkcs1-overflow added

fix an integer underflow and subsequent heap buffer overflow
vulnerability in the gmp plugin triggered by crafted certificates with
RSA keys with very small moduli (CVE-2018-17540)

- - - - -
d031c3c3 by Yves-Alexis Perez at 2018-10-01T20:51:32Z
finalize changelog

- - - - -
6cd32b0a by Yves-Alexis Perez at 2018-10-04T19:00:52Z
upload strongSwan 5.5.1-4+deb9u4 to stretch-security

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/CVE-2018-17540_gmp-pkcs1-overflow.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,12 @@
+strongswan (5.5.1-4+deb9u4) stretch-security; urgency=medium
+
+  * d/p/CVE-2018-17540_gmp-pkcs1-overflow added, fix an integer underflow and
+    subsequent heap buffer overflow vulnerability in the gmp plugin triggered
+    by crafted certificates with RSA keys with very small moduli
+    (CVE-2018-17540)
+
+ -- Yves-Alexis Perez <corsac at debian.org>  Mon, 01 Oct 2018 22:51:38 +0200
+
 strongswan (5.5.1-4+deb9u3) stretch-security; urgency=medium
 
   * d/p/CVE-2018-16151+CVE-2018-16152_gmp-pkcs1-verify added
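Review bot: urgency=medium on the new 5.5.1-4+deb9u4 entry looks low for what the entry itself describes as a heap buffer overflow triggered by crafted certificates, given that the patch description shipped in this same upload says it can be triggered by sending an invalid client cert to a peer. Consider urgency=high, and consider stating in the changelog line that the crafted certificate can come from a peer, so that administrators reading only the changelog can judge their exposure.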


=====================================
debian/patches/CVE-2018-17540_gmp-pkcs1-overflow.patch
=====================================
@@ -0,0 +1,39 @@
+From 129ab919a8c3abfc17bea776f0774e0ccf33ca09 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias at strongswan.org>
+Date: Tue, 25 Sep 2018 14:50:08 +0200
+Subject: [PATCH] gmp: Fix buffer overflow with very small RSA keys
+
+Because `keylen` is unsigned the subtraction results in an integer
+underflow if the key length is < 11 bytes.
+
+This is only a problem when verifying signatures with a public key (for
+private keys the plugin enforces a minimum modulus length) and to do so
+we usually only use trusted keys.  However, the x509 plugin actually
+calls issued_by() on a parsed certificate to check if it is self-signed,
+which is the reason this issue was found by OSS-Fuzz in the first place.
+So, unfortunately, this can be triggered by sending an invalid client
+cert to a peer.
+
+Fixes: 5955db5b124a ("gmp: Don't parse PKCS1 v1.5 RSA signatures to verify them")
+Fixes: CVE-2018-17540
+---
+ src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+index e9a83fdf49a1..a255a40abce2 100644
+--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
++++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+@@ -301,7 +301,7 @@ bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm,
+ 		data = digestInfo;
+ 	}
+ 
+-	if (data.len > keylen - 11)
++	if (keylen < 11 || data.len > keylen - 11)
+ 	{
+ 		chunk_free(&digestInfo);
+ 		DBG1(DBG_LIB, "signature value of %zu bytes is too long for key of "
+-- 
+2.7.4
+
+
\ No newline at end of file
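Review bot: in the gmp_emsa_pkcs1_signature_data() change, the new `keylen < 11` case falls into the existing DBG1 branch, whose message reports a signature value that "is too long for key of ...". That misreports a too-small key, and a separate message for the short-key case would make the log more useful when triaging rejected certificates. The constant 11 now appears twice in `if (keylen < 11 || data.len > keylen - 11)`; a named constant for the minimum PKCS#1 v1.5 padding overhead would keep the two occurrences in sync. The description says private keys already have a minimum modulus length enforced while public keys do not, so a matching minimum when loading public keys would cover other callers as well as this one, and the fix carries no regression test with a small-modulus key. The patch file also ends without a trailing newline.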


=====================================
debian/patches/series
=====================================
@@ -7,3 +7,4 @@ CVE-2017-11185.patch
 CVE-2018-10811.patch
 CVE-2018-5388.patch
 CVE-2018-16151+CVE-2018-16152_gmp-pkcs1-verify.patch
+CVE-2018-17540_gmp-pkcs1-overflow.patch



View it on GitLab: https://salsa.debian.org/debian/strongswan/compare/6f892c142d57d63e531a8a05c354897a7e9d68f4...6cd32b0a091a5ecf5cc12e0653ecad3802d5e539
