[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: matrixssl

Hi Guido

Brian wrote in his mail that he had not tried to reproduce the crash.
Quote:
"...although I don't have any exploits test it with."

Best regards

// Ola

On Tue, Aug 23, 2016 at 7:22 AM, Guido Günther <agx@sigxcpu.org> wrote:
> On Mon, Aug 22, 2016 at 06:15:33PM +1000, Brian May wrote:
>> Brian May <bam@debian.org> writes:
>>
>> > I will have a look and see if I can hack^h^h^h^hpatch the Debian package
>> > to include the above security fix; although I don't have any exploits
>> > test it with.
>>
>> Ok, I have attached my proposed debdiff patch. It builds using sbuild. I
>> haven't claimed this package, and unlikely to have time to continue this
>> month. So if anybody wants to take over before then, feel free to do so.
>> --
>> Brian May <bam@debian.org>
>
>> diff -u matrixssl-1.8.8/debian/changelog matrixssl-1.8.8/debian/changelog
>> --- matrixssl-1.8.8/debian/changelog
>> +++ matrixssl-1.8.8/debian/changelog
>> @@ -1,3 +1,10 @@
>> +matrixssl (1.8.8-1+deb7u1) wheezy-security; urgency=high
>> +
>> +  * Non-maintainer upload by the LTS Team.
>> +  * Fix integer overflow in bn_reverse.
>> +
>> + -- Brian May <bam@debian.org>  Mon, 22 Aug 2016 18:09:05 +1000
>> +
>>  matrixssl (1.8.8-1) unstable; urgency=high
>>
>>    * new upstream version.
>> diff -u matrixssl-1.8.8/debian/control matrixssl-1.8.8/debian/control
>> --- matrixssl-1.8.8/debian/control
>> +++ matrixssl-1.8.8/debian/control
>> @@ -2,7 +2,7 @@
>>  Priority: optional
>>  Section: libs
>>  Maintainer: Gerrit Pape <pape@smarden.org>
>> -Build-Depends: dietlibc-dev [alpha amd64 arm hppa i386 ia64 mips mipsel powerpc ppc64 s390 sparc]
>> +Build-Depends: dietlibc-dev [alpha amd64 arm hppa i386 ia64 mips mipsel powerpc ppc64 s390 sparc], quilt
>>  Standards-Version: 3.8.0.1
>>
>>  Package: libmatrixssl1.8-dev
>> diff -u matrixssl-1.8.8/debian/rules matrixssl-1.8.8/debian/rules
>> --- matrixssl-1.8.8/debian/rules
>> +++ matrixssl-1.8.8/debian/rules
>> @@ -28,6 +28,7 @@
>>  DIR =$(shell pwd)/debian/libmatrixssl$(SOVER)
>>
>>  unpack: deb-checkdir unpack-gnu-stamp unpack-diet-stamp
>> +     quilt push -a
>>  unpack-gnu-stamp:
>>       mkdir -p gnu/static gnu/shared
>>       (cd gnu/static && tar xzf - && ln -s matrixssl* matrixssl) <'$(TARGZ)'
>> @@ -61,6 +62,7 @@
>>       touch build-diet-stamp
>>
>>  clean: deb-checkdir deb-checkuid
>> +     quilt pop -a || true
>>       rm -rf gnu diet examples
>>       rm -f unpack-gnu-stamp unpack-diet-stamp build-gnu-stamp \
>>         build-diet-stamp
>> only in patch2:
>> unchanged:
>> --- matrixssl-1.8.8.orig/.pc/.quilt_patches
>> +++ matrixssl-1.8.8/.pc/.quilt_patches
>> @@ -0,0 +1 @@
>> +debian/patches
>> only in patch2:
>> unchanged:
>> --- matrixssl-1.8.8.orig/.pc/.quilt_series
>> +++ matrixssl-1.8.8/.pc/.quilt_series
>> @@ -0,0 +1 @@
>> +series
>> only in patch2:
>> unchanged:
>> --- matrixssl-1.8.8.orig/.pc/.version
>> +++ matrixssl-1.8.8/.pc/.version
>> @@ -0,0 +1 @@
>> +2
>> only in patch2:
>> unchanged:
>> --- matrixssl-1.8.8.orig/debian/patches/fix-bn_reverse.patch
>> +++ matrixssl-1.8.8/debian/patches/fix-bn_reverse.patch
>> @@ -0,0 +1,36 @@
>> +--- a/diet/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
>> ++++ b/diet/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
>> +@@ -945,6 +945,9 @@
>> +     int32                           ix, iy;
>> +     unsigned char   t;
>> +
>> ++    if (len == 0) {
>> ++            return;
>> ++    }
>> +     ix = 0;
>> +     iy = len - 1;
>> +     while (ix < iy) {
>> +--- a/gnu/shared/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
>> ++++ b/gnu/shared/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
>> +@@ -945,6 +945,9 @@
>> +     int32                           ix, iy;
>> +     unsigned char   t;
>> +
>> ++    if (len == 0) {
>> ++            return;
>> ++    }
>> +     ix = 0;
>> +     iy = len - 1;
>> +     while (ix < iy) {
>> +--- a/gnu/static/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
>> ++++ b/gnu/static/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
>> +@@ -945,6 +945,9 @@
>> +     int32                           ix, iy;
>> +     unsigned char   t;
>> +
>> ++    if (len == 0) {
>> ++            return;
>> ++    }
>> +     ix = 0;
>> +     iy = len - 1;
>> +     while (ix < iy) {
>> only in patch2:
>> unchanged:
>> --- matrixssl-1.8.8.orig/debian/patches/series
>> +++ matrixssl-1.8.8/debian/patches/series
>> @@ -0,0 +1 @@
>> +fix-bn_reverse.patch
>
> Having the same hunk three times isn't pretty but I don't have a great
> idea how this can be done better in the current packaging either.
>
> Did you try to reproduce the crash mentioned in the CVE details?
>
> Cheers,
>  -- Guido



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
Reply to: