Re: matrixssl
Hi Ola,
On Tue, Aug 23, 2016 at 08:39:29AM +0200, Ola Lundqvist wrote:
> Hi Guido
>
> Brian wrote in his mail that he had not tried to reproduce the crash.
> Quote:
> "...although I don't have any exploits to test it with."
There are exploits mentioned in the paper. I think we should test them
before releasing a DLA.
-- Guido
>
> Best regards
>
> // Ola
>
> On Tue, Aug 23, 2016 at 7:22 AM, Guido Günther <agx@sigxcpu.org> wrote:
> > On Mon, Aug 22, 2016 at 06:15:33PM +1000, Brian May wrote:
> >> Brian May <bam@debian.org> writes:
> >>
> >> > I will have a look and see if I can hack^h^h^h^hpatch the Debian package
> >> > to include the above security fix; although I don't have any exploits
> >> > to test it with.
> >>
> >> Ok, I have attached my proposed debdiff patch. It builds using sbuild. I
> >> haven't claimed this package, and am unlikely to have time to continue this
> >> month. So if anybody wants to take over before then, feel free to do so.
> >> --
> >> Brian May <bam@debian.org>
> >
> >> diff -u matrixssl-1.8.8/debian/changelog matrixssl-1.8.8/debian/changelog
> >> --- matrixssl-1.8.8/debian/changelog
> >> +++ matrixssl-1.8.8/debian/changelog
> >> @@ -1,3 +1,10 @@
> >> +matrixssl (1.8.8-1+deb7u1) wheezy-security; urgency=high
> >> +
> >> + * Non-maintainer upload by the LTS Team.
> >> + * Fix integer overflow in bn_reverse.
> >> +
> >> + -- Brian May <bam@debian.org> Mon, 22 Aug 2016 18:09:05 +1000
> >> +
> >> matrixssl (1.8.8-1) unstable; urgency=high
> >>
> >> * new upstream version.
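Review bot: The new changelog entry "Fix integer overflow in bn_reverse." does not name the CVE it addresses. Add the CVE identifier to that line so the upload can be matched to the issue by the security tracker and by anyone reading the changelog later.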
> >> diff -u matrixssl-1.8.8/debian/control matrixssl-1.8.8/debian/control
> >> --- matrixssl-1.8.8/debian/control
> >> +++ matrixssl-1.8.8/debian/control
> >> @@ -2,7 +2,7 @@
> >> Priority: optional
> >> Section: libs
> >> Maintainer: Gerrit Pape <pape@smarden.org>
> >> -Build-Depends: dietlibc-dev [alpha amd64 arm hppa i386 ia64 mips mipsel powerpc ppc64 s390 sparc]
> >> +Build-Depends: dietlibc-dev [alpha amd64 arm hppa i386 ia64 mips mipsel powerpc ppc64 s390 sparc], quilt
> >> Standards-Version: 3.8.0.1
> >>
> >> Package: libmatrixssl1.8-dev
> >> diff -u matrixssl-1.8.8/debian/rules matrixssl-1.8.8/debian/rules
> >> --- matrixssl-1.8.8/debian/rules
> >> +++ matrixssl-1.8.8/debian/rules
> >> @@ -28,6 +28,7 @@
> >> DIR =$(shell pwd)/debian/libmatrixssl$(SOVER)
> >>
> >> unpack: deb-checkdir unpack-gnu-stamp unpack-diet-stamp
> >> + quilt push -a
> >> unpack-gnu-stamp:
> >> mkdir -p gnu/static gnu/shared
> >> (cd gnu/static && tar xzf - && ln -s matrixssl* matrixssl) <'$(TARGZ)'
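Review bot: The added `quilt push -a` is the recipe of `unpack`, which has no stamp of its own, so it runs whenever that target is evaluated. Once the series is already applied, quilt push exits with status 2 and make stops there. Put the call behind a stamp file like the neighbouring unpack-gnu-stamp, or tolerate only that status with `quilt push -a || test $$? = 2`.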
> >> @@ -61,6 +62,7 @@
> >> touch build-diet-stamp
> >>
> >> clean: deb-checkdir deb-checkuid
> >> + quilt pop -a || true
> >> rm -rf gnu diet examples
> >> rm -f unpack-gnu-stamp unpack-diet-stamp build-gnu-stamp \
> >> build-diet-stamp
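Review bot: `quilt pop -a || true` in `clean` hides every failure, not just the harmless "no patch applied" case. If pop fails, the .pc state stays behind while the next line removes the patched trees with `rm -rf gnu diet`; a later unpack would then have quilt treat the series as applied against freshly extracted, unpatched sources. Accept only status 2 (`quilt pop -a || test $$? = 2`) and remove .pc explicitly in clean.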
> >> only in patch2:
> >> unchanged:
> >> --- matrixssl-1.8.8.orig/.pc/.quilt_patches
> >> +++ matrixssl-1.8.8/.pc/.quilt_patches
> >> @@ -0,0 +1 @@
> >> +debian/patches
> >> only in patch2:
> >> unchanged:
> >> --- matrixssl-1.8.8.orig/.pc/.quilt_series
> >> +++ matrixssl-1.8.8/.pc/.quilt_series
> >> @@ -0,0 +1 @@
> >> +series
> >> only in patch2:
> >> unchanged:
> >> --- matrixssl-1.8.8.orig/.pc/.version
> >> +++ matrixssl-1.8.8/.pc/.version
> >> @@ -0,0 +1 @@
> >> +2
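Review bot: The three files under .pc/ (.quilt_patches, .quilt_series, .version) are quilt's working state rather than packaging, and they should not be part of the upload. If .pc/.quilt_patches is what points quilt at debian/patches, set QUILT_PATCHES=debian/patches on the quilt calls in debian/rules instead, since quilt otherwise looks for a top-level patches directory.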
> >> only in patch2:
> >> unchanged:
> >> --- matrixssl-1.8.8.orig/debian/patches/fix-bn_reverse.patch
> >> +++ matrixssl-1.8.8/debian/patches/fix-bn_reverse.patch
> >> @@ -0,0 +1,36 @@
> >> +--- a/diet/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
> >> ++++ b/diet/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
> >> +@@ -945,6 +945,9 @@
> >> + int32 ix, iy;
> >> + unsigned char t;
> >> +
> >> ++ if (len == 0) {
> >> ++ return;
> >> ++ }
> >> + ix = 0;
> >> + iy = len - 1;
> >> + while (ix < iy) {
> >> +--- a/gnu/shared/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
> >> ++++ b/gnu/shared/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
> >> +@@ -945,6 +945,9 @@
> >> + int32 ix, iy;
> >> + unsigned char t;
> >> +
> >> ++ if (len == 0) {
> >> ++ return;
> >> ++ }
> >> + ix = 0;
> >> + iy = len - 1;
> >> + while (ix < iy) {
> >> +--- a/gnu/static/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
> >> ++++ b/gnu/static/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
> >> +@@ -945,6 +945,9 @@
> >> + int32 ix, iy;
> >> + unsigned char t;
> >> +
> >> ++ if (len == 0) {
> >> ++ return;
> >> ++ }
> >> + ix = 0;
> >> + iy = len - 1;
> >> + while (ix < iy) {
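Review bot: The context lines do not show how `len` is declared, and whether the new `if (len == 0)` guard changes anything depends on that. `iy` is an int32, so if `len` is a signed 32-bit value, `iy = len - 1` is -1 for len == 0 and `while (ix < iy)` is already skipped without the guard. Check the parameter type in this 1.8.8 copy of mpi.c and, as asked in the reply, reproduce the crash against the unpatched and patched builds before upload. The patch also only applies after all three trees (diet, gnu/shared, gnu/static) have been unpacked, so the build should fail if any of the three hunks does not apply.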
> >> only in patch2:
> >> unchanged:
> >> --- matrixssl-1.8.8.orig/debian/patches/series
> >> +++ matrixssl-1.8.8/debian/patches/series
> >> @@ -0,0 +1 @@
> >> +fix-bn_reverse.patch
> >
> > Having the same hunk three times isn't pretty but I don't have a great
> > idea how this can be done better in the current packaging either.
> >
> > Did you try to reproduce the crash mentioned in the CVE details?
> >
> > Cheers,
> > -- Guido
>
>
>
> --
> --- Inguza Technology AB --- MSc in Information Technology ----
> / ola@inguza.com Folkebogatan 26 \
> | opal@debian.org 654 68 KARLSTAD |
> | http://inguza.com/ Mobile: +46 (0)70-332 1551 |
> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
> ---------------------------------------------------------------
>