On 2017-03-05 Andreas Metzler <ametzler@bebt.de> wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org@packages.debian.org
> Usertags: pu
> Hello,
> I would like fix a number of minor issues in GnuTLS.
> Most of these (notably CVE-2017-533[4567]) are related to the PGP
> support, security does not intend to issue a DSA:
[...]
Hello,
upstream has now released 3.5.10/3.3.27 including these fixes and
another one on top:
+ 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
Addressed large allocation in OpenPGP certificate parsing, that could
lead in out-of-memory condition. Issue found using oss-fuzz project, and
was fixed by Alex Gaynor:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
[GNUTLS-SA-2017-3C]
Updated diff for jessie attached.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru gnutls28-3.3.8/debian/changelog gnutls28-3.3.8/debian/changelog
--- gnutls28-3.3.8/debian/changelog 2016-11-01 10:07:52.000000000 +0100
+++ gnutls28-3.3.8/debian/changelog 2017-03-06 19:13:23.000000000 +0100
@@ -1,3 +1,62 @@
+gnutls28 (3.3.8-6+deb8u5) jessie; urgency=medium
+
+ * Pull multiple fixes from gnutls_3_3_x branch:
+ + 55_00_pkcs12-fixed-the-calculation-of-p_size.patch
+ Fixed issue in PKCS#12 password encoding, which truncated
+ passwords over 32-characters. Reported by Mario Klebsch.
+ + 55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch
+ Fix double free in certificate information printing. If the PKIX
+ extension proxy was set with a policy language set but no policy
+ specified, that could lead to a double free. [GNUTLS-SA-2017-1]
+ CVE-2017-5334
+ + 55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch
+ Addressed memory leak in server side error path (issue found using
+ oss-fuzz project)
+ + 55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch
+ 55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch
+ 55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch
+ 55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch
+ 55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch
+ 55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch
+ 55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch
+ 55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch
+ 55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch
+ Addressed memory leaks and an infinite loop in OpenPGP certificate
+ parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)
+ Addressed invalid memory accesses in OpenPGP certificate parsing.
+ (issues found using oss-fuzz project) [GNUTLS-SA-2017-2]
+ CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337
+ + 55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch
+ When returning success, but no elements,
+ gnutls_pkcs11_obj_list_import_url4, could have returned zero number of
+ elements with a pointer that was uninitialized. Ensure that an
+ initialized (i.e., null in that case), pointer is always returned.
+ + 55_13_cdk_pkt_read-enforce-packet-limits.patch Addressed integer
+ overflow resulting to invalid memory write in OpenPGP certificate
+ parsing. Issue found using oss-fuzz project:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
+ [GNUTLS-SA-2017-3A]
+ + 55_14_opencdk-read_attribute-account-buffer-size.patch Addressed read
+ of 1 byte past the end of buffer in OpenPGP certificate parsing. Issue
+ found using oss-fuzz project:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
+ (This patch is from gnutls_3_5_x branch.)
+ + 55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
+ Addressed crashes in OpenPGP certificate parsing, related to private key
+ parser. No longer allow OpenPGP certificates (public keys) to contain
+ private key sub-packets. Issue found using oss-fuzz project:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
+ [GNUTLS-SA-2017-3B]
+ + 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
+ Addressed large allocation in OpenPGP certificate parsing, that could
+ lead in out-of-memory condition. Issue found using oss-fuzz project, and
+ was fixed by Alex Gaynor:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
+ [GNUTLS-SA-2017-3C]
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 06 Mar 2017 19:13:20 +0100
+
gnutls28 (3.3.8-6+deb8u4) jessie; urgency=medium
[ Salvatore Bonaccorso ]
diff -Nru gnutls28-3.3.8/debian/patches/55_00_pkcs12-fixed-the-calculation-of-p_size.patch gnutls28-3.3.8/debian/patches/55_00_pkcs12-fixed-the-calculation-of-p_size.patch
--- gnutls28-3.3.8/debian/patches/55_00_pkcs12-fixed-the-calculation-of-p_size.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_00_pkcs12-fixed-the-calculation-of-p_size.patch 2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,26 @@
+From 3979cbcb425b4088c822b0a75c78f5f1eef32291 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 28 Nov 2016 11:47:40 +0100
+Subject: [PATCH] pkcs12: fixed the calculation of p_size
+
+That affects passwords which exceed 32 characters.
+---
+ lib/x509/pkcs12_encr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c
+index 85cd3f228..d8fd49f82 100644
+--- a/lib/x509/pkcs12_encr.c
++++ b/lib/x509/pkcs12_encr.c
+@@ -105,7 +105,7 @@ _gnutls_pkcs12_string_to_key(const mac_entry_st * me,
+ }
+
+ /* Store salt and password in BUF_I */
+- p_size = ((pwlen / 64) * 64) + 64;
++ p_size = (((2*pwlen) / 64) * 64) + 64;
+
+ if (p_size > sizeof(buf_i) - 64)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch gnutls28-3.3.8/debian/patches/55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch
--- gnutls28-3.3.8/debian/patches/55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch 2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,76 @@
+From bbfd47d4bb6935b3eddae227deb9f340e2c1a69d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 15 Dec 2016 15:02:18 +0100
+Subject: [PATCH] gnutls_x509_ext_import_proxy: fix issue reading the policy
+ language
+
+If the language was set but the policy wasn't, that could lead to
+a double free, as the value returned to the user was freed.
+---
+ lib/x509/x509_ext.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
+index f974b0279..ed0ad1d14 100644
+--- a/lib/x509/x509_ext.c
++++ b/lib/x509/x509_ext.c
+@@ -1414,7 +1414,8 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
+ {
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+- gnutls_datum_t value = { NULL, 0 };
++ gnutls_datum_t value1 = { NULL, 0 };
++ gnutls_datum_t value2 = { NULL, 0 };
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.ProxyCertInfo",
+@@ -1444,20 +1445,18 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
+ }
+
+ result = _gnutls_x509_read_value(c2, "proxyPolicy.policyLanguage",
+- &value);
++ &value1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (policyLanguage) {
+- *policyLanguage = (char *)value.data;
+- } else {
+- gnutls_free(value.data);
+- value.data = NULL;
++ *policyLanguage = (char *)value1.data;
++ value1.data = NULL;
+ }
+
+- result = _gnutls_x509_read_value(c2, "proxyPolicy.policy", &value);
++ result = _gnutls_x509_read_value(c2, "proxyPolicy.policy", &value2);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
+ if (policy)
+ *policy = NULL;
+@@ -1468,16 +1467,17 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
+ goto cleanup;
+ } else {
+ if (policy) {
+- *policy = (char *)value.data;
+- value.data = NULL;
++ *policy = (char *)value2.data;
++ value2.data = NULL;
+ }
+ if (sizeof_policy)
+- *sizeof_policy = value.size;
++ *sizeof_policy = value2.size;
+ }
+
+ result = 0;
+ cleanup:
+- gnutls_free(value.data);
++ gnutls_free(value1.data);
++ gnutls_free(value2.data);
+ asn1_delete_structure(&c2);
+
+ return result;
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch gnutls28-3.3.8/debian/patches/55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch
--- gnutls28-3.3.8/debian/patches/55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch 2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,39 @@
+From 097a347d7bad44c8d187363d45465d5db7eaf723 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 4 Jan 2017 09:46:26 +0100
+Subject: [PATCH] auth rsa: eliminated memory leak on pkcs-1 formatting attack
+ path
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/auth/rsa.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
+index 128e7b4b8..140f17043 100644
+--- a/lib/auth/rsa.c
++++ b/lib/auth/rsa.c
+@@ -112,7 +112,7 @@ static int
+ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
+ {
+- gnutls_datum_t plaintext;
++ gnutls_datum_t plaintext = {NULL, 0};
+ gnutls_datum_t ciphertext;
+ int ret, dsize;
+ int randomize_key = 0;
+@@ -150,6 +150,11 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ _gnutls_audit_log(session,
+ "auth_rsa: Possible PKCS #1 format attack\n");
+ randomize_key = 1;
++
++ if (ret >= 0) {
++ gnutls_free(plaintext.data);
++ plaintext.data = NULL;
++ }
+ } else {
+ /* If the secret was properly formatted, then
+ * check the version number.
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch gnutls28-3.3.8/debian/patches/55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch
--- gnutls28-3.3.8/debian/patches/55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch 2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,26 @@
+From 03d1e6089230bad79b78ce6e8ea2b872cbaf37e2 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 29 Feb 2016 09:48:12 +0100
+Subject: [PATCH 1/8] opencdk: Fixes to prevent undefined behavior (found with
+ libubsan)
+
+---
+ lib/opencdk/misc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c
+index 0d4ee8912..35172e5dd 100644
+--- a/lib/opencdk/misc.c
++++ b/lib/opencdk/misc.c
+@@ -41,7 +41,7 @@ u32 _cdk_buftou32(const byte * buf)
+
+ if (!buf)
+ return 0;
+- u = buf[0] << 24;
++ u = ((u32)buf[0]) << 24;
+ u |= buf[1] << 16;
+ u |= buf[2] << 8;
+ u |= buf[3];
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch gnutls28-3.3.8/debian/patches/55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch
--- gnutls28-3.3.8/debian/patches/55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch 2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,70 @@
+From 16862f233f4600a4c1c827be8b1a18b6f80e0ce4 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Mon, 26 Dec 2016 13:15:25 -0500
+Subject: [PATCH 2/8] Do not infinite loop if an EOF occurs while skipping a
+ PGP packet
+
+Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
+---
+ lib/opencdk/read-packet.c | 21 ++++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index becd6cb76..67ea938f7 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -42,8 +42,13 @@
+ static int
+ stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
+ {
+- *r_nread = cdk_stream_read(s, buf, buflen);
+- return *r_nread > 0 ? 0 : _cdk_stream_get_errno(s);
++ int res = cdk_stream_read(s, buf, buflen);
++ if (res > 0) {
++ *r_nread = res;
++ return 0;
++ } else {
++ return (cdk_stream_eof(s) ? EOF : _cdk_stream_get_errno(s));
++ }
+ }
+
+
+@@ -875,18 +880,22 @@ read_new_length(cdk_stream_t inp,
+
+
+ /* Skip the current packet body. */
+-static void skip_packet(cdk_stream_t inp, size_t pktlen)
++static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen)
+ {
+ byte buf[BUFSIZE];
+ size_t nread, buflen = DIM(buf);
+
+ while (pktlen > 0) {
+- stream_read(inp, buf, pktlen > buflen ? buflen : pktlen,
++ cdk_error_t rc;
++ rc = stream_read(inp, buf, pktlen > buflen ? buflen : pktlen,
+ &nread);
++ if (rc)
++ return rc;
+ pktlen -= nread;
+ }
+
+ assert(pktlen == 0);
++ return 0;
+ }
+
+
+@@ -1087,7 +1096,9 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
+
+ default:
+ /* Skip all packets we don't understand */
+- skip_packet(inp, pktlen);
++ rc = skip_packet(inp, pktlen);
++ if (rc)
++ return gnutls_assert_val(rc);
+ break;
+ }
+
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch gnutls28-3.3.8/debian/patches/55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch
--- gnutls28-3.3.8/debian/patches/55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch 2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,28 @@
+From 9ca2dccfb51c487b6dc14c64b73a1668d0801086 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Fri, 30 Dec 2016 21:17:22 -0500
+Subject: [PATCH 3/8] Attempt to fix a leak in OpenPGP cert parsing.
+
+---
+ lib/opencdk/read-packet.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index 67ea938f7..f1d165053 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -510,8 +510,10 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr,
+ p++;
+ len--;
+
+- if (len >= pktlen)
++ if (len >= pktlen) {
++ cdk_free(buf);
+ return CDK_Inv_Packet;
++ }
+ attr->attrib_img = cdk_calloc(1, len);
+ if (!attr->attrib_img) {
+ cdk_free(buf);
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch gnutls28-3.3.8/debian/patches/55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch
--- gnutls28-3.3.8/debian/patches/55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch 2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,29 @@
+From affb3d659681af1dca04448e25f27c7e22eda0c7 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Sun, 1 Jan 2017 09:15:09 -0500
+Subject: [PATCH 4/8] Corrected a leak in OpenPGP sub-packet parsing.
+
+Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
+---
+ lib/opencdk/read-packet.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index f1d165053..8cba25c47 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -596,8 +596,10 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
+ node->size--;
+ rc = stream_read(inp, node->d, node->size, &nread);
+ n += nread;
+- if (rc)
++ if (rc) {
++ cdk_subpkt_free(node);
+ return rc;
++ }
+ *r_nbytes = n;
+ if (!*r_ctx)
+ *r_ctx = node;
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch gnutls28-3.3.8/debian/patches/55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch
--- gnutls28-3.3.8/debian/patches/55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch 2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,98 @@
+From 6231a4a087f9fdbd5f5f274e80c7a71e3e45b9c8 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 4 Jan 2017 14:42:03 +0100
+Subject: [PATCH 5/8] opencdk: read_attribute: added more precise checks when
+ reading stream
+
+That addresses heap read overflows found using oss-fuzz:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/read-packet.c | 40 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index 8cba25c47..e8ff24ffe 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -483,46 +483,64 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr,
+ return CDK_Out_Of_Core;
+ rc = stream_read(inp, buf, pktlen, &nread);
+ if (rc) {
+- cdk_free(buf);
+- return CDK_Inv_Packet;
++ gnutls_assert();
++ rc = CDK_Inv_Packet;
++ goto error;
+ }
++
+ p = buf;
+ len = *p++;
+ pktlen--;
++
+ if (len == 255) {
++ if (pktlen < 4) {
++ gnutls_assert();
++ rc = CDK_Inv_Packet;
++ goto error;
++ }
++
+ len = _cdk_buftou32(p);
+ p += 4;
+ pktlen -= 4;
+ } else if (len >= 192) {
+ if (pktlen < 2) {
+- cdk_free(buf);
+- return CDK_Inv_Packet;
++ gnutls_assert();
++ rc = CDK_Inv_Packet;
++ goto error;
+ }
++
+ len = ((len - 192) << 8) + *p + 192;
+ p++;
+ pktlen--;
+ }
+
+- if (*p != 1) { /* Currently only 1, meaning an image, is defined. */
+- cdk_free(buf);
+- return CDK_Inv_Packet;
++ if (!len || *p != 1) { /* Currently only 1, meaning an image, is defined. */
++ rc = CDK_Inv_Packet;
++ goto error;
+ }
++
+ p++;
+ len--;
+
+ if (len >= pktlen) {
+- cdk_free(buf);
+- return CDK_Inv_Packet;
++ rc = CDK_Inv_Packet;
++ goto error;
+ }
++
+ attr->attrib_img = cdk_calloc(1, len);
+ if (!attr->attrib_img) {
+- cdk_free(buf);
+- return CDK_Out_Of_Core;
++ rc = CDK_Out_Of_Core;
++ goto error;
+ }
++
+ attr->attrib_len = len;
+ memcpy(attr->attrib_img, p, len);
+ cdk_free(buf);
+ return rc;
++
++ error:
++ cdk_free(buf);
++ return rc;
+ }
+
+
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch gnutls28-3.3.8/debian/patches/55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch
--- gnutls28-3.3.8/debian/patches/55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch 2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,42 @@
+From 7dec871f82e205107a81281e3286f0aa9caa93b3 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 4 Jan 2017 14:56:50 +0100
+Subject: [PATCH 6/8] opencdk: cdk_pk_get_keyid: fix stack overflow
+
+Issue found using oss-fuzz:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/pubkey.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
+index 6e753bd25..da43129f9 100644
+--- a/lib/opencdk/pubkey.c
++++ b/lib/opencdk/pubkey.c
+@@ -518,6 +518,7 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
+ {
+ u32 lowbits = 0;
+ byte buf[24];
++ int rc;
+
+ if (pk && (!pk->keyid[0] || !pk->keyid[1])) {
+ if (pk->version < 4 && is_RSA(pk->pubkey_algo)) {
+@@ -525,7 +526,12 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
+ size_t n;
+
+ n = MAX_MPI_BYTES;
+- _gnutls_mpi_print(pk->mpi[0], p, &n);
++ rc = _gnutls_mpi_print(pk->mpi[0], p, &n);
++ if (rc < 0 || n < 8) {
++ keyid[0] = keyid[1] = (u32)-1;
++ return (u32)-1;
++ }
++
+ pk->keyid[0] =
+ p[n - 8] << 24 | p[n - 7] << 16 | p[n -
+ 6] << 8 |
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch gnutls28-3.3.8/debian/patches/55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch
--- gnutls28-3.3.8/debian/patches/55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch 2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,139 @@
+From 785af1ab577f899d2e54172ff120f404709bf172 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 4 Jan 2017 15:22:13 +0100
+Subject: [PATCH 7/8] opencdk: added error checking in the stream reading
+ functions
+
+This addresses an out of memory error. Issue found using oss-fuzz:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/read-packet.c | 40 +++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 35 insertions(+), 5 deletions(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index e8ff24ffe..7a474ff54 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -43,6 +43,7 @@ static int
+ stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
+ {
+ int res = cdk_stream_read(s, buf, buflen);
++
+ if (res > 0) {
+ *r_nread = res;
+ return 0;
+@@ -56,13 +57,13 @@ stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
+ static u32 read_32(cdk_stream_t s)
+ {
+ byte buf[4];
+- size_t nread;
++ size_t nread = 0;
+
+ assert(s != NULL);
+
+ stream_read(s, buf, 4, &nread);
+ if (nread != 4)
+- return (u32) - 1;
++ return (u32) -1;
+ return buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3];
+ }
+
+@@ -71,7 +72,7 @@ static u32 read_32(cdk_stream_t s)
+ static u16 read_16(cdk_stream_t s)
+ {
+ byte buf[2];
+- size_t nread;
++ size_t nread = 0;
+
+ assert(s != NULL);
+
+@@ -573,7 +574,7 @@ read_user_id(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id)
+ static cdk_error_t
+ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
+ {
+- byte c, c1;
++ int c, c1;
+ size_t size, nread, n;
+ cdk_subpkt_t node;
+ cdk_error_t rc;
+@@ -588,11 +589,18 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
+ *r_nbytes = 0;
+ c = cdk_stream_getc(inp);
+ n++;
++
+ if (c == 255) {
+ size = read_32(inp);
++ if (size == (u32)-1)
++ return CDK_Inv_Packet;
++
+ n += 4;
+ } else if (c >= 192 && c < 255) {
+ c1 = cdk_stream_getc(inp);
++ if (c1 == EOF)
++ return CDK_Inv_Packet;
++
+ n++;
+ if (c1 == 0)
+ return 0;
+@@ -859,17 +867,29 @@ static void
+ read_old_length(cdk_stream_t inp, int ctb, size_t * r_len, size_t * r_size)
+ {
+ int llen = ctb & 0x03;
++ int c;
+
+ if (llen == 0) {
+- *r_len = cdk_stream_getc(inp);
++ c = cdk_stream_getc(inp);
++ if (c == EOF)
++ goto fail;
++
++ *r_len = c;
+ (*r_size)++;
+ } else if (llen == 1) {
+ *r_len = read_16(inp);
++ if (*r_len == (u16)-1)
++ goto fail;
+ (*r_size) += 2;
+ } else if (llen == 2) {
+ *r_len = read_32(inp);
++ if (*r_len == (u32)-1) {
++ goto fail;
++ }
++
+ (*r_size) += 4;
+ } else {
++ fail:
+ *r_len = 0;
+ *r_size = 0;
+ }
+@@ -884,15 +904,25 @@ read_new_length(cdk_stream_t inp,
+ int c, c1;
+
+ c = cdk_stream_getc(inp);
++ if (c == EOF)
++ return;
++
+ (*r_size)++;
+ if (c < 192)
+ *r_len = c;
+ else if (c >= 192 && c <= 223) {
+ c1 = cdk_stream_getc(inp);
++ if (c1 == EOF)
++ return;
++
+ (*r_size)++;
+ *r_len = ((c - 192) << 8) + c1 + 192;
+ } else if (c == 255) {
+ *r_len = read_32(inp);
++ if (*r_len == (u32)-1) {
++ return;
++ }
++
+ (*r_size) += 4;
+ } else {
+ *r_len = 1 << (c & 0x1f);
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch gnutls28-3.3.8/debian/patches/55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch
--- gnutls28-3.3.8/debian/patches/55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch 2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,35 @@
+From d16ccb7ee8b890c4e9fe5a9e062c0d525c44340c Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Tue, 17 Jan 2017 13:34:33 +0100
+Subject: [PATCH] opencdk: improved error code checking in the stream reading
+ functions
+
+This ammends 49be4f7b82eba2363bb8d4090950dad976a77a3a
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/read-packet.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index 7a474ff54..8a8d87a1f 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -918,11 +918,12 @@ read_new_length(cdk_stream_t inp,
+ (*r_size)++;
+ *r_len = ((c - 192) << 8) + c1 + 192;
+ } else if (c == 255) {
+- *r_len = read_32(inp);
+- if (*r_len == (u32)-1) {
++ c1 = read_32(inp);
++ if (c1 == (u32)-1) {
+ return;
+ }
+
++ *r_len = c1;
+ (*r_size) += 4;
+ } else {
+ *r_len = 1 << (c & 0x1f);
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch gnutls28-3.3.8/debian/patches/55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch
--- gnutls28-3.3.8/debian/patches/55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch 2017-03-05 18:40:52.000000000 +0100
@@ -0,0 +1,26 @@
+From 5888e3cc63611396adb90d3ad1dc42a0bdb5850b Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 20 Feb 2017 11:14:49 +0100
+Subject: [PATCH] opencdk/read-packet.c: corrected typo in type cast
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/read-packet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index d95845d56..a2631fed1 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -919,7 +919,7 @@ read_new_length(cdk_stream_t inp,
+ *r_len = ((c - 192) << 8) + c1 + 192;
+ } else if (c == 255) {
+ c1 = read_32(inp);
+- if (c1 == (u32)-1) {
++ if (c1 == -1) {
+ return;
+ }
+
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch gnutls28-3.3.8/debian/patches/55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch
--- gnutls28-3.3.8/debian/patches/55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch 2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,31 @@
+From 0715c72c482931b962294f9388f28fbb2a707d80 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Fri, 3 Feb 2017 23:41:51 +0100
+Subject: [PATCH] gnutls_pkcs11_obj_list_import_url2: Always return an
+ initialized pointer
+
+When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4,
+could have returned zero number of elements with a pointer that was uninitialized.
+Ensure that an initialized (i.e., null in that case), pointer is always returned.
+Reported by Jeremy Harris.
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/pkcs11.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/pkcs11.c b/lib/pkcs11.c
+index d99dedff6..f5cf99d65 100644
+--- a/lib/pkcs11.c
++++ b/lib/pkcs11.c
+@@ -3019,6 +3019,7 @@ gnutls_pkcs11_obj_list_import_url2(gnutls_pkcs11_obj_t ** p_list,
+ if (ret < 0) {
+ gnutls_assert();
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
++ *p_list = NULL;
+ *n_list = 0;
+ ret = 0;
+ }
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_13_cdk_pkt_read-enforce-packet-limits.patch gnutls28-3.3.8/debian/patches/55_13_cdk_pkt_read-enforce-packet-limits.patch
--- gnutls28-3.3.8/debian/patches/55_13_cdk_pkt_read-enforce-packet-limits.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_13_cdk_pkt_read-enforce-packet-limits.patch 2017-03-05 08:33:00.000000000 +0100
@@ -0,0 +1,55 @@
+From 09a2f72584bb52ba87a97ee291729d6609229626 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 20 Feb 2017 11:13:08 +0100
+Subject: [PATCH] cdk_pkt_read: enforce packet limits
+
+That ensures that there are no overflows in the subsequent
+calculations.
+
+Resolves the oss-fuzz found bug:
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
+
+Relates: #159
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/read-packet.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index 8a8d87a1f..d95845d56 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -951,6 +951,7 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen)
+ return 0;
+ }
+
++#define MAX_PACKET_LEN (1<<24)
+
+ /**
+ * cdk_pkt_read:
+@@ -1003,6 +1004,13 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
+ else
+ read_old_length(inp, ctb, &pktlen, &pktsize);
+
++ /* enforce limits to ensure that the following calculations
++ * do not overflow */
++ if (pktlen >= MAX_PACKET_LEN || pktsize >= MAX_PACKET_LEN) {
++ _cdk_log_info("cdk_pkt_read: too long packet\n");
++ return gnutls_assert_val(CDK_Inv_Packet);
++ }
++
+ pkt->pkttype = pkttype;
+ pkt->pktlen = pktlen;
+ pkt->pktsize = pktsize + pktlen;
+@@ -1027,6 +1035,7 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
+ break;
+
+ case CDK_PKT_USER_ID:
++
+ pkt->pkt.user_id = cdk_calloc(1, sizeof *pkt->pkt.user_id
+ + pkt->pktlen + 1);
+ if (!pkt->pkt.user_id)
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_14_opencdk-read_attribute-account-buffer-size.patch gnutls28-3.3.8/debian/patches/55_14_opencdk-read_attribute-account-buffer-size.patch
--- gnutls28-3.3.8/debian/patches/55_14_opencdk-read_attribute-account-buffer-size.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_14_opencdk-read_attribute-account-buffer-size.patch 2017-03-05 16:09:01.000000000 +0100
@@ -0,0 +1,33 @@
+From 3f5b3a45e4ad9520f5efc02676f996f780169e40 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 23 Feb 2017 11:10:04 +0100
+Subject: [PATCH] opencdk: read_attribute: account buffer size
+
+That ensures that there is no read past the end of buffer.
+
+Resolves the oss-fuzz found bug:
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
+
+Relates: #159
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/read-packet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index 87ab06c56..ba1223bd3 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -514,7 +514,7 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr,
+ pktlen--;
+ }
+
+- if (!len || *p != 1) { /* Currently only 1, meaning an image, is defined. */
++ if (!len || pktlen == 0 || *p != 1) { /* Currently only 1, meaning an image, is defined. */
+ rc = CDK_Inv_Packet;
+ goto error;
+ }
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch gnutls28-3.3.8/debian/patches/55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
--- gnutls28-3.3.8/debian/patches/55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch 2017-03-05 08:34:43.000000000 +0100
@@ -0,0 +1,243 @@
+From 9fe2b08714ac25a079f58790fd577b156bf5bf93 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Wed, 1 Mar 2017 07:54:04 +0100
+Subject: [PATCH] opencdk: do not parse any secret keys in packet when reading
+ a certificate
+
+This reduces the attack surface on the parsers, and prevents any bugs
+in the secret key parser to be exploitable by inserting secret key
+sub-packets into an openpgp certificate.
+
+This addresses:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+---
+ lib/opencdk/kbnode.c | 6 ++++--
+ lib/opencdk/keydb.c | 14 +++++++-------
+ lib/opencdk/literal.c | 2 +-
+ lib/opencdk/opencdk.h | 7 ++++---
+ lib/opencdk/read-packet.c | 10 +++++++++-
+ lib/openpgp/gnutls_openpgp.c | 2 +-
+ lib/openpgp/pgp.c | 2 +-
+ lib/openpgp/privkey.c | 2 +-
+ 8 files changed, 28 insertions(+), 17 deletions(-)
+
+diff --git a/lib/opencdk/kbnode.c b/lib/opencdk/kbnode.c
+index c28cb349b..f865b16ca 100644
+--- a/lib/opencdk/kbnode.c
++++ b/lib/opencdk/kbnode.c
+@@ -369,12 +369,14 @@ cdk_packet_t cdk_kbnode_get_packet(cdk_kbnode_t node)
+ * @armor: whether base64 or not
+ * @buf: the buffer which stores the key sequence
+ * @buflen: the length of the buffer
++ * @public: non-zero if reading a public key
+ *
+ * Tries to read a key node from the memory buffer @buf.
+ **/
+ cdk_error_t
+ cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node,
+- int armor, const byte * buf, size_t buflen)
++ int armor, const byte * buf, size_t buflen,
++ unsigned public)
+ {
+ cdk_stream_t inp;
+ cdk_error_t rc;
+@@ -393,7 +395,7 @@ cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node,
+ if (armor)
+ cdk_stream_set_armor_flag(inp, 0);
+
+- rc = cdk_keydb_get_keyblock(inp, ret_node);
++ rc = cdk_keydb_get_keyblock(inp, ret_node, public);
+ if (rc)
+ gnutls_assert();
+ cdk_stream_close(inp);
+diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c
+index 64eebf034..9112d9ab5 100644
+--- a/lib/opencdk/keydb.c
++++ b/lib/opencdk/keydb.c
+@@ -108,7 +108,7 @@ static cdk_error_t keydb_idx_build(const char *file)
+ while (!cdk_stream_eof(inp)) {
+ off_t pos = cdk_stream_tell(inp);
+
+- rc = cdk_pkt_read(inp, pkt);
++ rc = cdk_pkt_read(inp, pkt, 1);
+ if (rc) {
+ _cdk_log_debug
+ ("index build failed packet off=%lu\n",
+@@ -816,7 +816,7 @@ cdk_keydb_search(cdk_keydb_search_t st, cdk_keydb_hd_t hd,
+
+ pos = cdk_stream_tell(kr);
+
+- rc = cdk_keydb_get_keyblock(kr, &knode);
++ rc = cdk_keydb_get_keyblock(kr, &knode, 1);
+
+ if (rc) {
+ if (rc == CDK_EOF)
+@@ -1679,7 +1679,7 @@ add_key_usage(cdk_kbnode_t knode, u32 keyid[2], unsigned int usage)
+ }
+
+ cdk_error_t
+-cdk_keydb_get_keyblock(cdk_stream_t inp, cdk_kbnode_t * r_knode)
++cdk_keydb_get_keyblock(cdk_stream_t inp, cdk_kbnode_t * r_knode, unsigned public)
+ {
+ cdk_packet_t pkt;
+ cdk_kbnode_t knode, node;
+@@ -1706,7 +1706,7 @@ cdk_keydb_get_keyblock(cdk_stream_t inp, cdk_kbnode_t * r_knode)
+ while (!cdk_stream_eof(inp)) {
+ cdk_pkt_new(&pkt);
+ old_off = cdk_stream_tell(inp);
+- rc = cdk_pkt_read(inp, pkt);
++ rc = cdk_pkt_read(inp, pkt, public);
+ if (rc) {
+ cdk_pkt_release(pkt);
+ if (rc == CDK_EOF)
+@@ -2126,7 +2126,7 @@ cdk_error_t cdk_keydb_check_sk(cdk_keydb_hd_t hd, u32 * keyid)
+ return rc;
+ }
+ cdk_pkt_new(&pkt);
+- while (!cdk_pkt_read(db, pkt)) {
++ while (!cdk_pkt_read(db, pkt, 0)) {
+ if (pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ pkt->pkttype != CDK_PKT_SECRET_SUBKEY) {
+ cdk_pkt_free(pkt);
+@@ -2241,14 +2241,14 @@ cdk_error_t cdk_listkey_next(cdk_listkey_t ctx, cdk_kbnode_t * ret_key)
+ }
+
+ if (ctx->type && ctx->u.patt[0] == '*')
+- return cdk_keydb_get_keyblock(ctx->inp, ret_key);
++ return cdk_keydb_get_keyblock(ctx->inp, ret_key, 1);
+ else if (ctx->type) {
+ cdk_kbnode_t node;
+ struct cdk_keydb_search_s ks;
+ cdk_error_t rc;
+
+ for (;;) {
+- rc = cdk_keydb_get_keyblock(ctx->inp, &node);
++ rc = cdk_keydb_get_keyblock(ctx->inp, &node, 1);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c
+index 7b4baec82..69967742a 100644
+--- a/lib/opencdk/literal.c
++++ b/lib/opencdk/literal.c
+@@ -67,7 +67,7 @@ static cdk_error_t literal_decode(void *data, FILE * in, FILE * out)
+ return rc;
+
+ cdk_pkt_new(&pkt);
+- rc = cdk_pkt_read(si, pkt);
++ rc = cdk_pkt_read(si, pkt, 1);
+ if (rc || pkt->pkttype != CDK_PKT_LITERAL) {
+ cdk_pkt_release(pkt);
+ cdk_stream_close(si);
+diff --git a/lib/opencdk/opencdk.h b/lib/opencdk/opencdk.h
+index c06b74984..d95cc32b6 100644
+--- a/lib/opencdk/opencdk.h
++++ b/lib/opencdk/opencdk.h
+@@ -553,7 +553,7 @@ extern "C" {
+ void cdk_pkt_release(cdk_packet_t pkt);
+
+ /* Read or write the given output from or to the stream. */
+- cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt);
++ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt, unsigned public);
+ cdk_error_t cdk_pkt_write(cdk_stream_t out, cdk_packet_t pkt);
+
+ /* Sub packet routines */
+@@ -814,7 +814,8 @@ extern "C" {
+ /* Try to read the next key block from the given input stream.
+ The key will be returned in @RET_KEY on success. */
+ cdk_error_t cdk_keydb_get_keyblock(cdk_stream_t inp,
+- cdk_kbnode_t * ret_key);
++ cdk_kbnode_t * ret_key,
++ unsigned public);
+
+ /* Rebuild the key db index if possible. */
+ cdk_error_t cdk_keydb_idx_rebuild(cdk_keydb_hd_t db,
+@@ -848,7 +849,7 @@ extern "C" {
+ cdk_error_t cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node,
+ int armor,
+ const unsigned char *buf,
+- size_t buflen);
++ size_t buflen, unsigned public);
+ cdk_error_t cdk_kbnode_write_to_mem(cdk_kbnode_t node,
+ unsigned char *buf,
+ size_t * r_nbytes);
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index a2631fed1..e202a10b0 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -960,7 +960,7 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen)
+ *
+ * Parse the next packet on the @inp stream and return its contents in @pkt.
+ **/
+-cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
++cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt, unsigned public)
+ {
+ int ctb, is_newctb;
+ int pkttype;
+@@ -1068,6 +1068,10 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
+ break;
+
+ case CDK_PKT_SECRET_KEY:
++ if (public) {
++ /* read secret key when expecting public */
++ return gnutls_assert_val(CDK_Inv_Packet);
++ }
+ pkt->pkt.secret_key =
+ cdk_calloc(1, sizeof *pkt->pkt.secret_key);
+ if (!pkt->pkt.secret_key)
+@@ -1083,6 +1087,10 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
+ break;
+
+ case CDK_PKT_SECRET_SUBKEY:
++ if (public) {
++ /* read secret key when expecting public */
++ return gnutls_assert_val(CDK_Inv_Packet);
++ }
+ pkt->pkt.secret_key =
+ cdk_calloc(1, sizeof *pkt->pkt.secret_key);
+ if (!pkt->pkt.secret_key)
+diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
+index 7c05e1fbf..192737f83 100644
+--- a/lib/openpgp/gnutls_openpgp.c
++++ b/lib/openpgp/gnutls_openpgp.c
+@@ -479,7 +479,7 @@ int gnutls_openpgp_count_key_names(const gnutls_datum_t * cert)
+ return 0;
+ }
+
+- if (cdk_kbnode_read_from_mem(&knode, 0, cert->data, cert->size)) {
++ if (cdk_kbnode_read_from_mem(&knode, 0, cert->data, cert->size, 1)) {
+ gnutls_assert();
+ return 0;
+ }
+diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
+index d5ef2722b..77e57ab41 100644
+--- a/lib/openpgp/pgp.c
++++ b/lib/openpgp/pgp.c
+@@ -99,7 +99,7 @@ gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key,
+ armor = 1;
+
+ rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data,
+- data->size);
++ data->size, 1);
+ if (rc) {
+ rc = _gnutls_map_cdk_rc(rc);
+ gnutls_assert();
+diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
+index 6aa6fb543..81ec3ab3d 100644
+--- a/lib/openpgp/privkey.c
++++ b/lib/openpgp/privkey.c
+@@ -186,7 +186,7 @@ gnutls_openpgp_privkey_import(gnutls_openpgp_privkey_t key,
+ armor = 1;
+
+ rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data,
+- data->size);
++ data->size, 0);
+ if (rc != 0) {
+ rc = _gnutls_map_cdk_rc(rc);
+ gnutls_assert();
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch gnutls28-3.3.8/debian/patches/55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
--- gnutls28-3.3.8/debian/patches/55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch 2017-03-06 19:11:17.000000000 +0100
@@ -0,0 +1,50 @@
+From efa1251cc197239a36eca48fd204afae41b05994 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Sun, 5 Mar 2017 02:21:30 +0000
+Subject: [PATCH] Enforce the max packet length for OpenPGP subpackets as well
+
+This addresses:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
+
+Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
+---
+ lib/opencdk/read-packet.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index e202a10b0..56bbccc70 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -571,6 +571,9 @@ read_user_id(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id)
+ }
+
+
++#define MAX_PACKET_LEN (1<<24)
++
++
+ static cdk_error_t
+ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
+ {
+@@ -610,6 +613,10 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
+ else
+ return CDK_Inv_Packet;
+
++ if (size >= MAX_PACKET_LEN) {
++ return CDK_Inv_Packet;
++ }
++
+ node = cdk_subpkt_new(size);
+ if (!node)
+ return CDK_Out_Of_Core;
+@@ -951,8 +958,6 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen)
+ return 0;
+ }
+
+-#define MAX_PACKET_LEN (1<<24)
+-
+ /**
+ * cdk_pkt_read:
+ * @inp: the input stream
+--
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/series gnutls28-3.3.8/debian/patches/series
--- gnutls28-3.3.8/debian/patches/series 2016-11-01 10:07:52.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/series 2017-03-06 19:15:23.000000000 +0100
@@ -16,3 +16,20 @@
51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch
52_CVE-2016-7444_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch
53_nettle-use-rsa_-_key_prepare-on-key-import.patch
+55_00_pkcs12-fixed-the-calculation-of-p_size.patch
+55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch
+55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch
+55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch
+55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch
+55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch
+55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch
+55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch
+55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch
+55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch
+55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch
+55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch
+55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch
+55_13_cdk_pkt_read-enforce-packet-limits.patch
+55_14_opencdk-read_attribute-account-buffer-size.patch
+55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
+55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
Attachment:
signature.asc
Description: PGP signature