[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: matrixssl

Hi Ola,
On Tue, Aug 23, 2016 at 08:39:29AM +0200, Ola Lundqvist wrote:
> Hi Guido
> 
> Brian wrote in his mail that he had not tried to reproduce the crash.
> Quote:
> "...although I don't have any exploits test it with."

There are exploits mentioned in the paper. I think we should test them
before releasing a DLA.
 -- Guido

> 
> Best regards
> 
> // Ola
> 
> On Tue, Aug 23, 2016 at 7:22 AM, Guido Günther <agx@sigxcpu.org> wrote:
> > On Mon, Aug 22, 2016 at 06:15:33PM +1000, Brian May wrote:
> >> Brian May <bam@debian.org> writes:
> >>
> >> > I will have a look and see if I can hack^h^h^h^hpatch the Debian package
> >> > to include the above security fix; although I don't have any exploits
> >> > test it with.
> >>
> >> Ok, I have attached my proposed debdiff patch. It builds using sbuild. I
> >> haven't claimed this package, and unlikely to have time to continue this
> >> month. So if anybody wants to take over before then, feel free to do so.
> >> --
> >> Brian May <bam@debian.org>
> >
> >> diff -u matrixssl-1.8.8/debian/changelog matrixssl-1.8.8/debian/changelog
> >> --- matrixssl-1.8.8/debian/changelog
> >> +++ matrixssl-1.8.8/debian/changelog
> >> @@ -1,3 +1,10 @@
> >> +matrixssl (1.8.8-1+deb7u1) wheezy-security; urgency=high
> >> +
> >> +  * Non-maintainer upload by the LTS Team.
> >> +  * Fix integer overflow in bn_reverse.
> >> +
> >> + -- Brian May <bam@debian.org>  Mon, 22 Aug 2016 18:09:05 +1000
> >> +
> >>  matrixssl (1.8.8-1) unstable; urgency=high
> >>
> >>    * new upstream version.
> >> diff -u matrixssl-1.8.8/debian/control matrixssl-1.8.8/debian/control
> >> --- matrixssl-1.8.8/debian/control
> >> +++ matrixssl-1.8.8/debian/control
> >> @@ -2,7 +2,7 @@
> >>  Priority: optional
> >>  Section: libs
> >>  Maintainer: Gerrit Pape <pape@smarden.org>
> >> -Build-Depends: dietlibc-dev [alpha amd64 arm hppa i386 ia64 mips mipsel powerpc ppc64 s390 sparc]
> >> +Build-Depends: dietlibc-dev [alpha amd64 arm hppa i386 ia64 mips mipsel powerpc ppc64 s390 sparc], quilt
> >>  Standards-Version: 3.8.0.1
> >>
> >>  Package: libmatrixssl1.8-dev
> >> diff -u matrixssl-1.8.8/debian/rules matrixssl-1.8.8/debian/rules
> >> --- matrixssl-1.8.8/debian/rules
> >> +++ matrixssl-1.8.8/debian/rules
> >> @@ -28,6 +28,7 @@
> >>  DIR =$(shell pwd)/debian/libmatrixssl$(SOVER)
> >>
> >>  unpack: deb-checkdir unpack-gnu-stamp unpack-diet-stamp
> >> +     quilt push -a
> >>  unpack-gnu-stamp:
> >>       mkdir -p gnu/static gnu/shared
> >>       (cd gnu/static && tar xzf - && ln -s matrixssl* matrixssl) <'$(TARGZ)'
> >> @@ -61,6 +62,7 @@
> >>       touch build-diet-stamp
> >>
> >>  clean: deb-checkdir deb-checkuid
> >> +     quilt pop -a || true
> >>       rm -rf gnu diet examples
> >>       rm -f unpack-gnu-stamp unpack-diet-stamp build-gnu-stamp \
> >>         build-diet-stamp
> >> only in patch2:
> >> unchanged:
> >> --- matrixssl-1.8.8.orig/.pc/.quilt_patches
> >> +++ matrixssl-1.8.8/.pc/.quilt_patches
> >> @@ -0,0 +1 @@
> >> +debian/patches
> >> only in patch2:
> >> unchanged:
> >> --- matrixssl-1.8.8.orig/.pc/.quilt_series
> >> +++ matrixssl-1.8.8/.pc/.quilt_series
> >> @@ -0,0 +1 @@
> >> +series
> >> only in patch2:
> >> unchanged:
> >> --- matrixssl-1.8.8.orig/.pc/.version
> >> +++ matrixssl-1.8.8/.pc/.version
> >> @@ -0,0 +1 @@
> >> +2
> >> only in patch2:
> >> unchanged:
> >> --- matrixssl-1.8.8.orig/debian/patches/fix-bn_reverse.patch
> >> +++ matrixssl-1.8.8/debian/patches/fix-bn_reverse.patch
> >> @@ -0,0 +1,36 @@
> >> +--- a/diet/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
> >> ++++ b/diet/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
> >> +@@ -945,6 +945,9 @@
> >> +     int32                           ix, iy;
> >> +     unsigned char   t;
> >> +
> >> ++    if (len == 0) {
> >> ++            return;
> >> ++    }
> >> +     ix = 0;
> >> +     iy = len - 1;
> >> +     while (ix < iy) {
> >> +--- a/gnu/shared/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
> >> ++++ b/gnu/shared/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
> >> +@@ -945,6 +945,9 @@
> >> +     int32                           ix, iy;
> >> +     unsigned char   t;
> >> +
> >> ++    if (len == 0) {
> >> ++            return;
> >> ++    }
> >> +     ix = 0;
> >> +     iy = len - 1;
> >> +     while (ix < iy) {
> >> +--- a/gnu/static/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
> >> ++++ b/gnu/static/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
> >> +@@ -945,6 +945,9 @@
> >> +     int32                           ix, iy;
> >> +     unsigned char   t;
> >> +
> >> ++    if (len == 0) {
> >> ++            return;
> >> ++    }
> >> +     ix = 0;
> >> +     iy = len - 1;
> >> +     while (ix < iy) {
> >> only in patch2:
> >> unchanged:
> >> --- matrixssl-1.8.8.orig/debian/patches/series
> >> +++ matrixssl-1.8.8/debian/patches/series
> >> @@ -0,0 +1 @@
> >> +fix-bn_reverse.patch
> >
> > Having the same hunk three times isn't pretty but I don't have a great
> > idea how this can be done better in the current packaging either.
> >
> > Did you try to reproduce the crash mentioned in the CVE details?
> >
> > Cheers,
> >  -- Guido
> 
> 
> 
> -- 
>  --- Inguza Technology AB --- MSc in Information Technology ----
> /  ola@inguza.com                    Folkebogatan 26            \
> |  opal@debian.org                   654 68 KARLSTAD            |
> |  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
>  ---------------------------------------------------------------
>
Reply to: