From 1191bbadc88292d4fd9d4b1de762fb9acd57fcdf Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Wed, 13 Dec 2017 18:39:23 +0100 Subject: openssl: Fix for CVE-2017-3735 openssl: Malformed X.509 IPAdressFamily could cause OOB read References: https://www.openssl.org/news/secadv/20170828.txt https://nvd.nist.gov/vuln/detail/CVE-2017-3735 Signed-off-by: Sona Sarmadi Signed-off-by: Adrian Dudau --- .../openssl/openssl/CVE-2017-3735.patch | 43 ++++++++++++++++++++++ recipes-connectivity/openssl/openssl_%.bbappend | 4 ++ 2 files changed, 47 insertions(+) create mode 100644 recipes-connectivity/openssl/openssl/CVE-2017-3735.patch create mode 100644 recipes-connectivity/openssl/openssl_%.bbappend diff --git a/recipes-connectivity/openssl/openssl/CVE-2017-3735.patch b/recipes-connectivity/openssl/openssl/CVE-2017-3735.patch new file mode 100644 index 0000000..b0f8189 --- /dev/null +++ b/recipes-connectivity/openssl/openssl/CVE-2017-3735.patch @@ -0,0 +1,43 @@ +From 31c8b265591a0aaa462a1f3eb5770661aaac67db Mon Sep 17 00:00:00 2001 +From: Rich Salz +Date: Tue, 22 Aug 2017 11:44:41 -0400 +Subject: [PATCH] Avoid out-of-bounds read + +Fixes CVE-2017-3735 + +CVE: CVE-2017-3735 +Upstream-Status: Backport + +Reviewed-by: Kurt Roeckx +(Merged from https://github.com/openssl/openssl/pull/4276) + +(cherry picked from commit b23171744b01e473ebbfd6edad70c1c3825ffbcd) +Signed-off-by: Sona Sarmadi +--- + crypto/x509v3/v3_addr.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c +index 1290dec..af080a0 100644 +--- a/crypto/x509v3/v3_addr.c ++++ b/crypto/x509v3/v3_addr.c +@@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi) + */ + unsigned int v3_addr_get_afi(const IPAddressFamily *f) + { +- return ((f != NULL && +- f->addressFamily != NULL && f->addressFamily->data != NULL) +- ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1])) +- : 0); ++ if (f == NULL ++ || f->addressFamily == NULL ++ || f->addressFamily->data == NULL ++ || f->addressFamily->length < 2) ++ return 0; ++ return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1]; + } + + /* +-- +1.9.1 + diff --git a/recipes-connectivity/openssl/openssl_%.bbappend b/recipes-connectivity/openssl/openssl_%.bbappend new file mode 100644 index 0000000..a0b936a --- /dev/null +++ b/recipes-connectivity/openssl/openssl_%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI += "file://CVE-2017-3735.patch \ + " -- cgit v1.2.3-54-g00ecf