svn commit: r191381 - head/crypto/openssl/crypto/asn1 releng/6.3
releng/6.3/crypto/openssl/crypto/asn1 releng/6.3/lib/libc/db/btree
releng/6.3/lib/libc/db/hash releng/6.3/lib/libc/db/mpool releng/6...
Philip M. Gollucci
pgollucci at p6m7g8.com
Fri Apr 24 22:28:26 UTC 2009
I feel like it would better use svn to commit to head, stable/7, releng/7,
stable/6, etc... seperately.
I tried to diff -rPREV or grab a patch and it didn't help much cause it had
all the different versions in it.
Thoughts, RTFM ?
Colin Percival wrote:
> Author: cperciva
> Date: Wed Apr 22 14:07:14 2009
> New Revision: 191381
> URL: http://svn.freebsd.org/changeset/base/191381
>
> Log:
> Don't leak information via uninitialized space in db(3) records. [09:07]
>
> Sanity-check string lengths in order to stop OpenSSL crashing
> when printing corrupt BMPString or UniversalString objects. [09:08]
>
> Security: FreeBSD-SA-09:07.libc
> Security: FreeBSD-SA-09:08.openssl
> Security: CVE-2009-0590
> Approved by: re (kensmith)
> Approved by: so (cperciva)
>
> Modified:
> stable/7/crypto/openssl/crypto/asn1/asn1.h
> stable/7/crypto/openssl/crypto/asn1/asn1_err.c
> stable/7/crypto/openssl/crypto/asn1/tasn_dec.c
>
> Changes in other areas also in this revision:
> Modified:
> head/crypto/openssl/crypto/asn1/asn1.h
> head/crypto/openssl/crypto/asn1/asn1_err.c
> head/crypto/openssl/crypto/asn1/tasn_dec.c
> releng/6.3/UPDATING
> releng/6.3/crypto/openssl/crypto/asn1/asn1.h
> releng/6.3/crypto/openssl/crypto/asn1/asn1_err.c
> releng/6.3/crypto/openssl/crypto/asn1/tasn_dec.c
> releng/6.3/lib/libc/db/btree/bt_split.c
> releng/6.3/lib/libc/db/hash/hash_buf.c
> releng/6.3/lib/libc/db/mpool/mpool.c
> releng/6.3/sys/conf/newvers.sh
> releng/6.4/UPDATING
> releng/6.4/crypto/openssl/crypto/asn1/asn1.h
> releng/6.4/crypto/openssl/crypto/asn1/asn1_err.c
> releng/6.4/crypto/openssl/crypto/asn1/tasn_dec.c
> releng/6.4/lib/libc/db/btree/bt_split.c
> releng/6.4/lib/libc/db/hash/hash_buf.c
> releng/6.4/lib/libc/db/mpool/mpool.c
> releng/6.4/sys/conf/newvers.sh
> releng/7.0/UPDATING
> releng/7.0/crypto/openssl/crypto/asn1/asn1.h
> releng/7.0/crypto/openssl/crypto/asn1/asn1_err.c
> releng/7.0/crypto/openssl/crypto/asn1/tasn_dec.c
> releng/7.0/lib/libc/db/btree/bt_split.c
> releng/7.0/lib/libc/db/hash/hash_buf.c
> releng/7.0/lib/libc/db/mpool/mpool.c
> releng/7.0/sys/conf/newvers.sh
> releng/7.1/UPDATING
> releng/7.1/crypto/openssl/crypto/asn1/asn1.h
> releng/7.1/crypto/openssl/crypto/asn1/asn1_err.c
> releng/7.1/crypto/openssl/crypto/asn1/tasn_dec.c
> releng/7.1/lib/libc/db/btree/bt_split.c
> releng/7.1/lib/libc/db/hash/hash_buf.c
> releng/7.1/lib/libc/db/mpool/mpool.c
> releng/7.1/sys/conf/newvers.sh
> releng/7.2/UPDATING
> releng/7.2/crypto/openssl/crypto/asn1/asn1.h
> releng/7.2/crypto/openssl/crypto/asn1/asn1_err.c
> releng/7.2/crypto/openssl/crypto/asn1/tasn_dec.c
> stable/6/crypto/openssl/crypto/asn1/asn1.h
> stable/6/crypto/openssl/crypto/asn1/asn1_err.c
> stable/6/crypto/openssl/crypto/asn1/tasn_dec.c
>
> Modified: stable/7/crypto/openssl/crypto/asn1/asn1.h
> ==============================================================================
> --- stable/7/crypto/openssl/crypto/asn1/asn1.h Wed Apr 22 13:31:52 2009 (r191380)
> +++ stable/7/crypto/openssl/crypto/asn1/asn1.h Wed Apr 22 14:07:14 2009 (r191381)
> @@ -1134,6 +1134,7 @@ void ERR_load_ASN1_strings(void);
> #define ASN1_R_BAD_OBJECT_HEADER 102
> #define ASN1_R_BAD_PASSWORD_READ 103
> #define ASN1_R_BAD_TAG 104
> +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
> #define ASN1_R_BN_LIB 105
> #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
> #define ASN1_R_BUFFER_TOO_SMALL 107
> @@ -1213,6 +1214,7 @@ void ERR_load_ASN1_strings(void);
> #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
> #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
> #define ASN1_R_UNEXPECTED_EOC 159
> +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
> #define ASN1_R_UNKNOWN_FORMAT 160
> #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
> #define ASN1_R_UNKNOWN_OBJECT_TYPE 162
>
> Modified: stable/7/crypto/openssl/crypto/asn1/asn1_err.c
> ==============================================================================
> --- stable/7/crypto/openssl/crypto/asn1/asn1_err.c Wed Apr 22 13:31:52 2009 (r191380)
> +++ stable/7/crypto/openssl/crypto/asn1/asn1_err.c Wed Apr 22 14:07:14 2009 (r191381)
> @@ -188,6 +188,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
> {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
> {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
> {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
> +{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
> {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
> {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
> {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
> @@ -267,6 +268,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
> {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
> {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
> {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
> +{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
> {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
> {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
> {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},
>
> Modified: stable/7/crypto/openssl/crypto/asn1/tasn_dec.c
> ==============================================================================
> --- stable/7/crypto/openssl/crypto/asn1/tasn_dec.c Wed Apr 22 13:31:52 2009 (r191380)
> +++ stable/7/crypto/openssl/crypto/asn1/tasn_dec.c Wed Apr 22 14:07:14 2009 (r191381)
> @@ -1012,6 +1012,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const
> case V_ASN1_SET:
> case V_ASN1_SEQUENCE:
> default:
> + if (utype == V_ASN1_BMPSTRING && (len & 1))
> + {
> + ASN1err(ASN1_F_ASN1_EX_C2I,
> + ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
> + goto err;
> + }
> + if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
> + {
> + ASN1err(ASN1_F_ASN1_EX_C2I,
> + ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
> + goto err;
> + }
> /* All based on ASN1_STRING and handled the same */
> if (!*pval)
> {
> _______________________________________________
> svn-src-all at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/svn-src-all
> To unsubscribe, send any mail to "svn-src-all-unsubscribe at freebsd.org"
--
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci at p6m7g8.com) c: 703.336.9354
Consultant - P6M7G8 Inc. http://p6m7g8.net
Senior Sys Admin - RideCharge, Inc. http://ridecharge.com
Contractor - PositiveEnergyUSA http://positiveenergyusa.com
ASF Member - Apache Software Foundation http://apache.org
FreeBSD Committer - FreeBSD Foundation http://freebsd.org
Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
More information about the svn-src-stable-7
mailing list