On 2017-03-05 Andreas Metzler <ametzler@bebt.de> wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian.org@packages.debian.org > Usertags: pu > Hello, > I would like fix a number of minor issues in GnuTLS. > Most of these (notably CVE-2017-533[4567]) are related to the PGP > support, security does not intend to issue a DSA: [...] Hello, upstream has now released 3.5.10/3.3.27 including these fixes and another one on top: + 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch Addressed large allocation in OpenPGP certificate parsing, that could lead in out-of-memory condition. Issue found using oss-fuzz project, and was fixed by Alex Gaynor: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 [GNUTLS-SA-2017-3C] Updated diff for jessie attached. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
diff -Nru gnutls28-3.3.8/debian/changelog gnutls28-3.3.8/debian/changelog --- gnutls28-3.3.8/debian/changelog 2016-11-01 10:07:52.000000000 +0100 +++ gnutls28-3.3.8/debian/changelog 2017-03-06 19:13:23.000000000 +0100 @@ -1,3 +1,62 @@ +gnutls28 (3.3.8-6+deb8u5) jessie; urgency=medium + + * Pull multiple fixes from gnutls_3_3_x branch: + + 55_00_pkcs12-fixed-the-calculation-of-p_size.patch + Fixed issue in PKCS#12 password encoding, which truncated + passwords over 32-characters. Reported by Mario Klebsch. + + 55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch + Fix double free in certificate information printing. If the PKIX + extension proxy was set with a policy language set but no policy + specified, that could lead to a double free. [GNUTLS-SA-2017-1] + CVE-2017-5334 + + 55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch + Addressed memory leak in server side error path (issue found using + oss-fuzz project) + + 55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch + 55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch + 55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch + 55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch + 55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch + 55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch + 55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch + 55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch + 55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch + Addressed memory leaks and an infinite loop in OpenPGP certificate + parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project) + Addressed invalid memory accesses in OpenPGP certificate parsing. + (issues found using oss-fuzz project) [GNUTLS-SA-2017-2] + CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337 + + 55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch + When returning success, but no elements, + gnutls_pkcs11_obj_list_import_url4, could have returned zero number of + elements with a pointer that was uninitialized. Ensure that an + initialized (i.e., null in that case), pointer is always returned. + + 55_13_cdk_pkt_read-enforce-packet-limits.patch Addressed integer + overflow resulting to invalid memory write in OpenPGP certificate + parsing. Issue found using oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 + [GNUTLS-SA-2017-3A] + + 55_14_opencdk-read_attribute-account-buffer-size.patch Addressed read + of 1 byte past the end of buffer in OpenPGP certificate parsing. Issue + found using oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 + (This patch is from gnutls_3_5_x branch.) + + 55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch + Addressed crashes in OpenPGP certificate parsing, related to private key + parser. No longer allow OpenPGP certificates (public keys) to contain + private key sub-packets. Issue found using oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 + [GNUTLS-SA-2017-3B] + + 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch + Addressed large allocation in OpenPGP certificate parsing, that could + lead in out-of-memory condition. Issue found using oss-fuzz project, and + was fixed by Alex Gaynor: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 + [GNUTLS-SA-2017-3C] + + -- Andreas Metzler <ametzler@debian.org> Mon, 06 Mar 2017 19:13:20 +0100 + gnutls28 (3.3.8-6+deb8u4) jessie; urgency=medium [ Salvatore Bonaccorso ] diff -Nru gnutls28-3.3.8/debian/patches/55_00_pkcs12-fixed-the-calculation-of-p_size.patch gnutls28-3.3.8/debian/patches/55_00_pkcs12-fixed-the-calculation-of-p_size.patch --- gnutls28-3.3.8/debian/patches/55_00_pkcs12-fixed-the-calculation-of-p_size.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_00_pkcs12-fixed-the-calculation-of-p_size.patch 2017-03-05 08:29:46.000000000 +0100 @@ -0,0 +1,26 @@ +From 3979cbcb425b4088c822b0a75c78f5f1eef32291 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Mon, 28 Nov 2016 11:47:40 +0100 +Subject: [PATCH] pkcs12: fixed the calculation of p_size + +That affects passwords which exceed 32 characters. +--- + lib/x509/pkcs12_encr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c +index 85cd3f228..d8fd49f82 100644 +--- a/lib/x509/pkcs12_encr.c ++++ b/lib/x509/pkcs12_encr.c +@@ -105,7 +105,7 @@ _gnutls_pkcs12_string_to_key(const mac_entry_st * me, + } + + /* Store salt and password in BUF_I */ +- p_size = ((pwlen / 64) * 64) + 64; ++ p_size = (((2*pwlen) / 64) * 64) + 64; + + if (p_size > sizeof(buf_i) - 64) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch gnutls28-3.3.8/debian/patches/55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch --- gnutls28-3.3.8/debian/patches/55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch 2017-03-05 08:29:46.000000000 +0100 @@ -0,0 +1,76 @@ +From bbfd47d4bb6935b3eddae227deb9f340e2c1a69d Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Thu, 15 Dec 2016 15:02:18 +0100 +Subject: [PATCH] gnutls_x509_ext_import_proxy: fix issue reading the policy + language + +If the language was set but the policy wasn't, that could lead to +a double free, as the value returned to the user was freed. +--- + lib/x509/x509_ext.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c +index f974b0279..ed0ad1d14 100644 +--- a/lib/x509/x509_ext.c ++++ b/lib/x509/x509_ext.c +@@ -1414,7 +1414,8 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen, + { + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + int result; +- gnutls_datum_t value = { NULL, 0 }; ++ gnutls_datum_t value1 = { NULL, 0 }; ++ gnutls_datum_t value2 = { NULL, 0 }; + + if ((result = asn1_create_element + (_gnutls_get_pkix(), "PKIX1.ProxyCertInfo", +@@ -1444,20 +1445,18 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen, + } + + result = _gnutls_x509_read_value(c2, "proxyPolicy.policyLanguage", +- &value); ++ &value1); + if (result < 0) { + gnutls_assert(); + goto cleanup; + } + + if (policyLanguage) { +- *policyLanguage = (char *)value.data; +- } else { +- gnutls_free(value.data); +- value.data = NULL; ++ *policyLanguage = (char *)value1.data; ++ value1.data = NULL; + } + +- result = _gnutls_x509_read_value(c2, "proxyPolicy.policy", &value); ++ result = _gnutls_x509_read_value(c2, "proxyPolicy.policy", &value2); + if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { + if (policy) + *policy = NULL; +@@ -1468,16 +1467,17 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen, + goto cleanup; + } else { + if (policy) { +- *policy = (char *)value.data; +- value.data = NULL; ++ *policy = (char *)value2.data; ++ value2.data = NULL; + } + if (sizeof_policy) +- *sizeof_policy = value.size; ++ *sizeof_policy = value2.size; + } + + result = 0; + cleanup: +- gnutls_free(value.data); ++ gnutls_free(value1.data); ++ gnutls_free(value2.data); + asn1_delete_structure(&c2); + + return result; +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch gnutls28-3.3.8/debian/patches/55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch --- gnutls28-3.3.8/debian/patches/55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch 2017-03-05 08:29:46.000000000 +0100 @@ -0,0 +1,39 @@ +From 097a347d7bad44c8d187363d45465d5db7eaf723 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Wed, 4 Jan 2017 09:46:26 +0100 +Subject: [PATCH] auth rsa: eliminated memory leak on pkcs-1 formatting attack + path + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/auth/rsa.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c +index 128e7b4b8..140f17043 100644 +--- a/lib/auth/rsa.c ++++ b/lib/auth/rsa.c +@@ -112,7 +112,7 @@ static int + proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, + size_t _data_size) + { +- gnutls_datum_t plaintext; ++ gnutls_datum_t plaintext = {NULL, 0}; + gnutls_datum_t ciphertext; + int ret, dsize; + int randomize_key = 0; +@@ -150,6 +150,11 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, + _gnutls_audit_log(session, + "auth_rsa: Possible PKCS #1 format attack\n"); + randomize_key = 1; ++ ++ if (ret >= 0) { ++ gnutls_free(plaintext.data); ++ plaintext.data = NULL; ++ } + } else { + /* If the secret was properly formatted, then + * check the version number. +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch gnutls28-3.3.8/debian/patches/55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch --- gnutls28-3.3.8/debian/patches/55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch 2017-03-05 08:29:46.000000000 +0100 @@ -0,0 +1,26 @@ +From 03d1e6089230bad79b78ce6e8ea2b872cbaf37e2 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Mon, 29 Feb 2016 09:48:12 +0100 +Subject: [PATCH 1/8] opencdk: Fixes to prevent undefined behavior (found with + libubsan) + +--- + lib/opencdk/misc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c +index 0d4ee8912..35172e5dd 100644 +--- a/lib/opencdk/misc.c ++++ b/lib/opencdk/misc.c +@@ -41,7 +41,7 @@ u32 _cdk_buftou32(const byte * buf) + + if (!buf) + return 0; +- u = buf[0] << 24; ++ u = ((u32)buf[0]) << 24; + u |= buf[1] << 16; + u |= buf[2] << 8; + u |= buf[3]; +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch gnutls28-3.3.8/debian/patches/55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch --- gnutls28-3.3.8/debian/patches/55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch 2017-03-05 08:29:46.000000000 +0100 @@ -0,0 +1,70 @@ +From 16862f233f4600a4c1c827be8b1a18b6f80e0ce4 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor <alex.gaynor@gmail.com> +Date: Mon, 26 Dec 2016 13:15:25 -0500 +Subject: [PATCH 2/8] Do not infinite loop if an EOF occurs while skipping a + PGP packet + +Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com> +--- + lib/opencdk/read-packet.c | 21 ++++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c +index becd6cb76..67ea938f7 100644 +--- a/lib/opencdk/read-packet.c ++++ b/lib/opencdk/read-packet.c +@@ -42,8 +42,13 @@ + static int + stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread) + { +- *r_nread = cdk_stream_read(s, buf, buflen); +- return *r_nread > 0 ? 0 : _cdk_stream_get_errno(s); ++ int res = cdk_stream_read(s, buf, buflen); ++ if (res > 0) { ++ *r_nread = res; ++ return 0; ++ } else { ++ return (cdk_stream_eof(s) ? EOF : _cdk_stream_get_errno(s)); ++ } + } + + +@@ -875,18 +880,22 @@ read_new_length(cdk_stream_t inp, + + + /* Skip the current packet body. */ +-static void skip_packet(cdk_stream_t inp, size_t pktlen) ++static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen) + { + byte buf[BUFSIZE]; + size_t nread, buflen = DIM(buf); + + while (pktlen > 0) { +- stream_read(inp, buf, pktlen > buflen ? buflen : pktlen, ++ cdk_error_t rc; ++ rc = stream_read(inp, buf, pktlen > buflen ? buflen : pktlen, + &nread); ++ if (rc) ++ return rc; + pktlen -= nread; + } + + assert(pktlen == 0); ++ return 0; + } + + +@@ -1087,7 +1096,9 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt) + + default: + /* Skip all packets we don't understand */ +- skip_packet(inp, pktlen); ++ rc = skip_packet(inp, pktlen); ++ if (rc) ++ return gnutls_assert_val(rc); + break; + } + +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch gnutls28-3.3.8/debian/patches/55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch --- gnutls28-3.3.8/debian/patches/55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch 2017-03-05 08:29:46.000000000 +0100 @@ -0,0 +1,28 @@ +From 9ca2dccfb51c487b6dc14c64b73a1668d0801086 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor <alex.gaynor@gmail.com> +Date: Fri, 30 Dec 2016 21:17:22 -0500 +Subject: [PATCH 3/8] Attempt to fix a leak in OpenPGP cert parsing. + +--- + lib/opencdk/read-packet.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c +index 67ea938f7..f1d165053 100644 +--- a/lib/opencdk/read-packet.c ++++ b/lib/opencdk/read-packet.c +@@ -510,8 +510,10 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr, + p++; + len--; + +- if (len >= pktlen) ++ if (len >= pktlen) { ++ cdk_free(buf); + return CDK_Inv_Packet; ++ } + attr->attrib_img = cdk_calloc(1, len); + if (!attr->attrib_img) { + cdk_free(buf); +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch gnutls28-3.3.8/debian/patches/55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch --- gnutls28-3.3.8/debian/patches/55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch 2017-03-05 08:29:46.000000000 +0100 @@ -0,0 +1,29 @@ +From affb3d659681af1dca04448e25f27c7e22eda0c7 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor <alex.gaynor@gmail.com> +Date: Sun, 1 Jan 2017 09:15:09 -0500 +Subject: [PATCH 4/8] Corrected a leak in OpenPGP sub-packet parsing. + +Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com> +--- + lib/opencdk/read-packet.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c +index f1d165053..8cba25c47 100644 +--- a/lib/opencdk/read-packet.c ++++ b/lib/opencdk/read-packet.c +@@ -596,8 +596,10 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes) + node->size--; + rc = stream_read(inp, node->d, node->size, &nread); + n += nread; +- if (rc) ++ if (rc) { ++ cdk_subpkt_free(node); + return rc; ++ } + *r_nbytes = n; + if (!*r_ctx) + *r_ctx = node; +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch gnutls28-3.3.8/debian/patches/55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch --- gnutls28-3.3.8/debian/patches/55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch 2017-03-05 08:29:46.000000000 +0100 @@ -0,0 +1,98 @@ +From 6231a4a087f9fdbd5f5f274e80c7a71e3e45b9c8 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Wed, 4 Jan 2017 14:42:03 +0100 +Subject: [PATCH 5/8] opencdk: read_attribute: added more precise checks when + reading stream + +That addresses heap read overflows found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/opencdk/read-packet.c | 40 +++++++++++++++++++++++++++++----------- + 1 file changed, 29 insertions(+), 11 deletions(-) + +diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c +index 8cba25c47..e8ff24ffe 100644 +--- a/lib/opencdk/read-packet.c ++++ b/lib/opencdk/read-packet.c +@@ -483,46 +483,64 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr, + return CDK_Out_Of_Core; + rc = stream_read(inp, buf, pktlen, &nread); + if (rc) { +- cdk_free(buf); +- return CDK_Inv_Packet; ++ gnutls_assert(); ++ rc = CDK_Inv_Packet; ++ goto error; + } ++ + p = buf; + len = *p++; + pktlen--; ++ + if (len == 255) { ++ if (pktlen < 4) { ++ gnutls_assert(); ++ rc = CDK_Inv_Packet; ++ goto error; ++ } ++ + len = _cdk_buftou32(p); + p += 4; + pktlen -= 4; + } else if (len >= 192) { + if (pktlen < 2) { +- cdk_free(buf); +- return CDK_Inv_Packet; ++ gnutls_assert(); ++ rc = CDK_Inv_Packet; ++ goto error; + } ++ + len = ((len - 192) << 8) + *p + 192; + p++; + pktlen--; + } + +- if (*p != 1) { /* Currently only 1, meaning an image, is defined. */ +- cdk_free(buf); +- return CDK_Inv_Packet; ++ if (!len || *p != 1) { /* Currently only 1, meaning an image, is defined. */ ++ rc = CDK_Inv_Packet; ++ goto error; + } ++ + p++; + len--; + + if (len >= pktlen) { +- cdk_free(buf); +- return CDK_Inv_Packet; ++ rc = CDK_Inv_Packet; ++ goto error; + } ++ + attr->attrib_img = cdk_calloc(1, len); + if (!attr->attrib_img) { +- cdk_free(buf); +- return CDK_Out_Of_Core; ++ rc = CDK_Out_Of_Core; ++ goto error; + } ++ + attr->attrib_len = len; + memcpy(attr->attrib_img, p, len); + cdk_free(buf); + return rc; ++ ++ error: ++ cdk_free(buf); ++ return rc; + } + + +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch gnutls28-3.3.8/debian/patches/55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch --- gnutls28-3.3.8/debian/patches/55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch 2017-03-05 08:29:46.000000000 +0100 @@ -0,0 +1,42 @@ +From 7dec871f82e205107a81281e3286f0aa9caa93b3 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Wed, 4 Jan 2017 14:56:50 +0100 +Subject: [PATCH 6/8] opencdk: cdk_pk_get_keyid: fix stack overflow + +Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/opencdk/pubkey.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c +index 6e753bd25..da43129f9 100644 +--- a/lib/opencdk/pubkey.c ++++ b/lib/opencdk/pubkey.c +@@ -518,6 +518,7 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid) + { + u32 lowbits = 0; + byte buf[24]; ++ int rc; + + if (pk && (!pk->keyid[0] || !pk->keyid[1])) { + if (pk->version < 4 && is_RSA(pk->pubkey_algo)) { +@@ -525,7 +526,12 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid) + size_t n; + + n = MAX_MPI_BYTES; +- _gnutls_mpi_print(pk->mpi[0], p, &n); ++ rc = _gnutls_mpi_print(pk->mpi[0], p, &n); ++ if (rc < 0 || n < 8) { ++ keyid[0] = keyid[1] = (u32)-1; ++ return (u32)-1; ++ } ++ + pk->keyid[0] = + p[n - 8] << 24 | p[n - 7] << 16 | p[n - + 6] << 8 | +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch gnutls28-3.3.8/debian/patches/55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch --- gnutls28-3.3.8/debian/patches/55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch 2017-03-05 08:29:46.000000000 +0100 @@ -0,0 +1,139 @@ +From 785af1ab577f899d2e54172ff120f404709bf172 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Wed, 4 Jan 2017 15:22:13 +0100 +Subject: [PATCH 7/8] opencdk: added error checking in the stream reading + functions + +This addresses an out of memory error. Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/opencdk/read-packet.c | 40 +++++++++++++++++++++++++++++++++++----- + 1 file changed, 35 insertions(+), 5 deletions(-) + +diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c +index e8ff24ffe..7a474ff54 100644 +--- a/lib/opencdk/read-packet.c ++++ b/lib/opencdk/read-packet.c +@@ -43,6 +43,7 @@ static int + stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread) + { + int res = cdk_stream_read(s, buf, buflen); ++ + if (res > 0) { + *r_nread = res; + return 0; +@@ -56,13 +57,13 @@ stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread) + static u32 read_32(cdk_stream_t s) + { + byte buf[4]; +- size_t nread; ++ size_t nread = 0; + + assert(s != NULL); + + stream_read(s, buf, 4, &nread); + if (nread != 4) +- return (u32) - 1; ++ return (u32) -1; + return buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3]; + } + +@@ -71,7 +72,7 @@ static u32 read_32(cdk_stream_t s) + static u16 read_16(cdk_stream_t s) + { + byte buf[2]; +- size_t nread; ++ size_t nread = 0; + + assert(s != NULL); + +@@ -573,7 +574,7 @@ read_user_id(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id) + static cdk_error_t + read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes) + { +- byte c, c1; ++ int c, c1; + size_t size, nread, n; + cdk_subpkt_t node; + cdk_error_t rc; +@@ -588,11 +589,18 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes) + *r_nbytes = 0; + c = cdk_stream_getc(inp); + n++; ++ + if (c == 255) { + size = read_32(inp); ++ if (size == (u32)-1) ++ return CDK_Inv_Packet; ++ + n += 4; + } else if (c >= 192 && c < 255) { + c1 = cdk_stream_getc(inp); ++ if (c1 == EOF) ++ return CDK_Inv_Packet; ++ + n++; + if (c1 == 0) + return 0; +@@ -859,17 +867,29 @@ static void + read_old_length(cdk_stream_t inp, int ctb, size_t * r_len, size_t * r_size) + { + int llen = ctb & 0x03; ++ int c; + + if (llen == 0) { +- *r_len = cdk_stream_getc(inp); ++ c = cdk_stream_getc(inp); ++ if (c == EOF) ++ goto fail; ++ ++ *r_len = c; + (*r_size)++; + } else if (llen == 1) { + *r_len = read_16(inp); ++ if (*r_len == (u16)-1) ++ goto fail; + (*r_size) += 2; + } else if (llen == 2) { + *r_len = read_32(inp); ++ if (*r_len == (u32)-1) { ++ goto fail; ++ } ++ + (*r_size) += 4; + } else { ++ fail: + *r_len = 0; + *r_size = 0; + } +@@ -884,15 +904,25 @@ read_new_length(cdk_stream_t inp, + int c, c1; + + c = cdk_stream_getc(inp); ++ if (c == EOF) ++ return; ++ + (*r_size)++; + if (c < 192) + *r_len = c; + else if (c >= 192 && c <= 223) { + c1 = cdk_stream_getc(inp); ++ if (c1 == EOF) ++ return; ++ + (*r_size)++; + *r_len = ((c - 192) << 8) + c1 + 192; + } else if (c == 255) { + *r_len = read_32(inp); ++ if (*r_len == (u32)-1) { ++ return; ++ } ++ + (*r_size) += 4; + } else { + *r_len = 1 << (c & 0x1f); +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch gnutls28-3.3.8/debian/patches/55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch --- gnutls28-3.3.8/debian/patches/55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch 2017-03-05 08:29:46.000000000 +0100 @@ -0,0 +1,35 @@ +From d16ccb7ee8b890c4e9fe5a9e062c0d525c44340c Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Tue, 17 Jan 2017 13:34:33 +0100 +Subject: [PATCH] opencdk: improved error code checking in the stream reading + functions + +This ammends 49be4f7b82eba2363bb8d4090950dad976a77a3a + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/opencdk/read-packet.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c +index 7a474ff54..8a8d87a1f 100644 +--- a/lib/opencdk/read-packet.c ++++ b/lib/opencdk/read-packet.c +@@ -918,11 +918,12 @@ read_new_length(cdk_stream_t inp, + (*r_size)++; + *r_len = ((c - 192) << 8) + c1 + 192; + } else if (c == 255) { +- *r_len = read_32(inp); +- if (*r_len == (u32)-1) { ++ c1 = read_32(inp); ++ if (c1 == (u32)-1) { + return; + } + ++ *r_len = c1; + (*r_size) += 4; + } else { + *r_len = 1 << (c & 0x1f); +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch gnutls28-3.3.8/debian/patches/55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch --- gnutls28-3.3.8/debian/patches/55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch 2017-03-05 18:40:52.000000000 +0100 @@ -0,0 +1,26 @@ +From 5888e3cc63611396adb90d3ad1dc42a0bdb5850b Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Mon, 20 Feb 2017 11:14:49 +0100 +Subject: [PATCH] opencdk/read-packet.c: corrected typo in type cast + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/opencdk/read-packet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c +index d95845d56..a2631fed1 100644 +--- a/lib/opencdk/read-packet.c ++++ b/lib/opencdk/read-packet.c +@@ -919,7 +919,7 @@ read_new_length(cdk_stream_t inp, + *r_len = ((c - 192) << 8) + c1 + 192; + } else if (c == 255) { + c1 = read_32(inp); +- if (c1 == (u32)-1) { ++ if (c1 == -1) { + return; + } + +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch gnutls28-3.3.8/debian/patches/55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch --- gnutls28-3.3.8/debian/patches/55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch 2017-03-05 08:29:46.000000000 +0100 @@ -0,0 +1,31 @@ +From 0715c72c482931b962294f9388f28fbb2a707d80 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Fri, 3 Feb 2017 23:41:51 +0100 +Subject: [PATCH] gnutls_pkcs11_obj_list_import_url2: Always return an + initialized pointer + +When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4, +could have returned zero number of elements with a pointer that was uninitialized. +Ensure that an initialized (i.e., null in that case), pointer is always returned. +Reported by Jeremy Harris. + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/pkcs11.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/pkcs11.c b/lib/pkcs11.c +index d99dedff6..f5cf99d65 100644 +--- a/lib/pkcs11.c ++++ b/lib/pkcs11.c +@@ -3019,6 +3019,7 @@ gnutls_pkcs11_obj_list_import_url2(gnutls_pkcs11_obj_t ** p_list, + if (ret < 0) { + gnutls_assert(); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { ++ *p_list = NULL; + *n_list = 0; + ret = 0; + } +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_13_cdk_pkt_read-enforce-packet-limits.patch gnutls28-3.3.8/debian/patches/55_13_cdk_pkt_read-enforce-packet-limits.patch --- gnutls28-3.3.8/debian/patches/55_13_cdk_pkt_read-enforce-packet-limits.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_13_cdk_pkt_read-enforce-packet-limits.patch 2017-03-05 08:33:00.000000000 +0100 @@ -0,0 +1,55 @@ +From 09a2f72584bb52ba87a97ee291729d6609229626 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Mon, 20 Feb 2017 11:13:08 +0100 +Subject: [PATCH] cdk_pkt_read: enforce packet limits + +That ensures that there are no overflows in the subsequent +calculations. + +Resolves the oss-fuzz found bug: +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 + +Relates: #159 + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/opencdk/read-packet.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c +index 8a8d87a1f..d95845d56 100644 +--- a/lib/opencdk/read-packet.c ++++ b/lib/opencdk/read-packet.c +@@ -951,6 +951,7 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen) + return 0; + } + ++#define MAX_PACKET_LEN (1<<24) + + /** + * cdk_pkt_read: +@@ -1003,6 +1004,13 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt) + else + read_old_length(inp, ctb, &pktlen, &pktsize); + ++ /* enforce limits to ensure that the following calculations ++ * do not overflow */ ++ if (pktlen >= MAX_PACKET_LEN || pktsize >= MAX_PACKET_LEN) { ++ _cdk_log_info("cdk_pkt_read: too long packet\n"); ++ return gnutls_assert_val(CDK_Inv_Packet); ++ } ++ + pkt->pkttype = pkttype; + pkt->pktlen = pktlen; + pkt->pktsize = pktsize + pktlen; +@@ -1027,6 +1035,7 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt) + break; + + case CDK_PKT_USER_ID: ++ + pkt->pkt.user_id = cdk_calloc(1, sizeof *pkt->pkt.user_id + + pkt->pktlen + 1); + if (!pkt->pkt.user_id) +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_14_opencdk-read_attribute-account-buffer-size.patch gnutls28-3.3.8/debian/patches/55_14_opencdk-read_attribute-account-buffer-size.patch --- gnutls28-3.3.8/debian/patches/55_14_opencdk-read_attribute-account-buffer-size.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_14_opencdk-read_attribute-account-buffer-size.patch 2017-03-05 16:09:01.000000000 +0100 @@ -0,0 +1,33 @@ +From 3f5b3a45e4ad9520f5efc02676f996f780169e40 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Thu, 23 Feb 2017 11:10:04 +0100 +Subject: [PATCH] opencdk: read_attribute: account buffer size + +That ensures that there is no read past the end of buffer. + +Resolves the oss-fuzz found bug: +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 + +Relates: #159 + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/opencdk/read-packet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c +index 87ab06c56..ba1223bd3 100644 +--- a/lib/opencdk/read-packet.c ++++ b/lib/opencdk/read-packet.c +@@ -514,7 +514,7 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr, + pktlen--; + } + +- if (!len || *p != 1) { /* Currently only 1, meaning an image, is defined. */ ++ if (!len || pktlen == 0 || *p != 1) { /* Currently only 1, meaning an image, is defined. */ + rc = CDK_Inv_Packet; + goto error; + } +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch gnutls28-3.3.8/debian/patches/55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch --- gnutls28-3.3.8/debian/patches/55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch 2017-03-05 08:34:43.000000000 +0100 @@ -0,0 +1,243 @@ +From 9fe2b08714ac25a079f58790fd577b156bf5bf93 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: Wed, 1 Mar 2017 07:54:04 +0100 +Subject: [PATCH] opencdk: do not parse any secret keys in packet when reading + a certificate + +This reduces the attack surface on the parsers, and prevents any bugs +in the secret key parser to be exploitable by inserting secret key +sub-packets into an openpgp certificate. + +This addresses: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> +--- + lib/opencdk/kbnode.c | 6 ++++-- + lib/opencdk/keydb.c | 14 +++++++------- + lib/opencdk/literal.c | 2 +- + lib/opencdk/opencdk.h | 7 ++++--- + lib/opencdk/read-packet.c | 10 +++++++++- + lib/openpgp/gnutls_openpgp.c | 2 +- + lib/openpgp/pgp.c | 2 +- + lib/openpgp/privkey.c | 2 +- + 8 files changed, 28 insertions(+), 17 deletions(-) + +diff --git a/lib/opencdk/kbnode.c b/lib/opencdk/kbnode.c +index c28cb349b..f865b16ca 100644 +--- a/lib/opencdk/kbnode.c ++++ b/lib/opencdk/kbnode.c +@@ -369,12 +369,14 @@ cdk_packet_t cdk_kbnode_get_packet(cdk_kbnode_t node) + * @armor: whether base64 or not + * @buf: the buffer which stores the key sequence + * @buflen: the length of the buffer ++ * @public: non-zero if reading a public key + * + * Tries to read a key node from the memory buffer @buf. + **/ + cdk_error_t + cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node, +- int armor, const byte * buf, size_t buflen) ++ int armor, const byte * buf, size_t buflen, ++ unsigned public) + { + cdk_stream_t inp; + cdk_error_t rc; +@@ -393,7 +395,7 @@ cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node, + if (armor) + cdk_stream_set_armor_flag(inp, 0); + +- rc = cdk_keydb_get_keyblock(inp, ret_node); ++ rc = cdk_keydb_get_keyblock(inp, ret_node, public); + if (rc) + gnutls_assert(); + cdk_stream_close(inp); +diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c +index 64eebf034..9112d9ab5 100644 +--- a/lib/opencdk/keydb.c ++++ b/lib/opencdk/keydb.c +@@ -108,7 +108,7 @@ static cdk_error_t keydb_idx_build(const char *file) + while (!cdk_stream_eof(inp)) { + off_t pos = cdk_stream_tell(inp); + +- rc = cdk_pkt_read(inp, pkt); ++ rc = cdk_pkt_read(inp, pkt, 1); + if (rc) { + _cdk_log_debug + ("index build failed packet off=%lu\n", +@@ -816,7 +816,7 @@ cdk_keydb_search(cdk_keydb_search_t st, cdk_keydb_hd_t hd, + + pos = cdk_stream_tell(kr); + +- rc = cdk_keydb_get_keyblock(kr, &knode); ++ rc = cdk_keydb_get_keyblock(kr, &knode, 1); + + if (rc) { + if (rc == CDK_EOF) +@@ -1679,7 +1679,7 @@ add_key_usage(cdk_kbnode_t knode, u32 keyid[2], unsigned int usage) + } + + cdk_error_t +-cdk_keydb_get_keyblock(cdk_stream_t inp, cdk_kbnode_t * r_knode) ++cdk_keydb_get_keyblock(cdk_stream_t inp, cdk_kbnode_t * r_knode, unsigned public) + { + cdk_packet_t pkt; + cdk_kbnode_t knode, node; +@@ -1706,7 +1706,7 @@ cdk_keydb_get_keyblock(cdk_stream_t inp, cdk_kbnode_t * r_knode) + while (!cdk_stream_eof(inp)) { + cdk_pkt_new(&pkt); + old_off = cdk_stream_tell(inp); +- rc = cdk_pkt_read(inp, pkt); ++ rc = cdk_pkt_read(inp, pkt, public); + if (rc) { + cdk_pkt_release(pkt); + if (rc == CDK_EOF) +@@ -2126,7 +2126,7 @@ cdk_error_t cdk_keydb_check_sk(cdk_keydb_hd_t hd, u32 * keyid) + return rc; + } + cdk_pkt_new(&pkt); +- while (!cdk_pkt_read(db, pkt)) { ++ while (!cdk_pkt_read(db, pkt, 0)) { + if (pkt->pkttype != CDK_PKT_SECRET_KEY && + pkt->pkttype != CDK_PKT_SECRET_SUBKEY) { + cdk_pkt_free(pkt); +@@ -2241,14 +2241,14 @@ cdk_error_t cdk_listkey_next(cdk_listkey_t ctx, cdk_kbnode_t * ret_key) + } + + if (ctx->type && ctx->u.patt[0] == '*') +- return cdk_keydb_get_keyblock(ctx->inp, ret_key); ++ return cdk_keydb_get_keyblock(ctx->inp, ret_key, 1); + else if (ctx->type) { + cdk_kbnode_t node; + struct cdk_keydb_search_s ks; + cdk_error_t rc; + + for (;;) { +- rc = cdk_keydb_get_keyblock(ctx->inp, &node); ++ rc = cdk_keydb_get_keyblock(ctx->inp, &node, 1); + if (rc) { + gnutls_assert(); + return rc; +diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c +index 7b4baec82..69967742a 100644 +--- a/lib/opencdk/literal.c ++++ b/lib/opencdk/literal.c +@@ -67,7 +67,7 @@ static cdk_error_t literal_decode(void *data, FILE * in, FILE * out) + return rc; + + cdk_pkt_new(&pkt); +- rc = cdk_pkt_read(si, pkt); ++ rc = cdk_pkt_read(si, pkt, 1); + if (rc || pkt->pkttype != CDK_PKT_LITERAL) { + cdk_pkt_release(pkt); + cdk_stream_close(si); +diff --git a/lib/opencdk/opencdk.h b/lib/opencdk/opencdk.h +index c06b74984..d95cc32b6 100644 +--- a/lib/opencdk/opencdk.h ++++ b/lib/opencdk/opencdk.h +@@ -553,7 +553,7 @@ extern "C" { + void cdk_pkt_release(cdk_packet_t pkt); + + /* Read or write the given output from or to the stream. */ +- cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt); ++ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt, unsigned public); + cdk_error_t cdk_pkt_write(cdk_stream_t out, cdk_packet_t pkt); + + /* Sub packet routines */ +@@ -814,7 +814,8 @@ extern "C" { + /* Try to read the next key block from the given input stream. + The key will be returned in @RET_KEY on success. */ + cdk_error_t cdk_keydb_get_keyblock(cdk_stream_t inp, +- cdk_kbnode_t * ret_key); ++ cdk_kbnode_t * ret_key, ++ unsigned public); + + /* Rebuild the key db index if possible. */ + cdk_error_t cdk_keydb_idx_rebuild(cdk_keydb_hd_t db, +@@ -848,7 +849,7 @@ extern "C" { + cdk_error_t cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node, + int armor, + const unsigned char *buf, +- size_t buflen); ++ size_t buflen, unsigned public); + cdk_error_t cdk_kbnode_write_to_mem(cdk_kbnode_t node, + unsigned char *buf, + size_t * r_nbytes); +diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c +index a2631fed1..e202a10b0 100644 +--- a/lib/opencdk/read-packet.c ++++ b/lib/opencdk/read-packet.c +@@ -960,7 +960,7 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen) + * + * Parse the next packet on the @inp stream and return its contents in @pkt. + **/ +-cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt) ++cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt, unsigned public) + { + int ctb, is_newctb; + int pkttype; +@@ -1068,6 +1068,10 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt) + break; + + case CDK_PKT_SECRET_KEY: ++ if (public) { ++ /* read secret key when expecting public */ ++ return gnutls_assert_val(CDK_Inv_Packet); ++ } + pkt->pkt.secret_key = + cdk_calloc(1, sizeof *pkt->pkt.secret_key); + if (!pkt->pkt.secret_key) +@@ -1083,6 +1087,10 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt) + break; + + case CDK_PKT_SECRET_SUBKEY: ++ if (public) { ++ /* read secret key when expecting public */ ++ return gnutls_assert_val(CDK_Inv_Packet); ++ } + pkt->pkt.secret_key = + cdk_calloc(1, sizeof *pkt->pkt.secret_key); + if (!pkt->pkt.secret_key) +diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c +index 7c05e1fbf..192737f83 100644 +--- a/lib/openpgp/gnutls_openpgp.c ++++ b/lib/openpgp/gnutls_openpgp.c +@@ -479,7 +479,7 @@ int gnutls_openpgp_count_key_names(const gnutls_datum_t * cert) + return 0; + } + +- if (cdk_kbnode_read_from_mem(&knode, 0, cert->data, cert->size)) { ++ if (cdk_kbnode_read_from_mem(&knode, 0, cert->data, cert->size, 1)) { + gnutls_assert(); + return 0; + } +diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c +index d5ef2722b..77e57ab41 100644 +--- a/lib/openpgp/pgp.c ++++ b/lib/openpgp/pgp.c +@@ -99,7 +99,7 @@ gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key, + armor = 1; + + rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data, +- data->size); ++ data->size, 1); + if (rc) { + rc = _gnutls_map_cdk_rc(rc); + gnutls_assert(); +diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c +index 6aa6fb543..81ec3ab3d 100644 +--- a/lib/openpgp/privkey.c ++++ b/lib/openpgp/privkey.c +@@ -186,7 +186,7 @@ gnutls_openpgp_privkey_import(gnutls_openpgp_privkey_t key, + armor = 1; + + rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data, +- data->size); ++ data->size, 0); + if (rc != 0) { + rc = _gnutls_map_cdk_rc(rc); + gnutls_assert(); +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch gnutls28-3.3.8/debian/patches/55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch --- gnutls28-3.3.8/debian/patches/55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch 2017-03-06 19:11:17.000000000 +0100 @@ -0,0 +1,50 @@ +From efa1251cc197239a36eca48fd204afae41b05994 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor <alex.gaynor@gmail.com> +Date: Sun, 5 Mar 2017 02:21:30 +0000 +Subject: [PATCH] Enforce the max packet length for OpenPGP subpackets as well + +This addresses: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 + +Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com> +--- + lib/opencdk/read-packet.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c +index e202a10b0..56bbccc70 100644 +--- a/lib/opencdk/read-packet.c ++++ b/lib/opencdk/read-packet.c +@@ -571,6 +571,9 @@ read_user_id(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id) + } + + ++#define MAX_PACKET_LEN (1<<24) ++ ++ + static cdk_error_t + read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes) + { +@@ -610,6 +613,10 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes) + else + return CDK_Inv_Packet; + ++ if (size >= MAX_PACKET_LEN) { ++ return CDK_Inv_Packet; ++ } ++ + node = cdk_subpkt_new(size); + if (!node) + return CDK_Out_Of_Core; +@@ -951,8 +958,6 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen) + return 0; + } + +-#define MAX_PACKET_LEN (1<<24) +- + /** + * cdk_pkt_read: + * @inp: the input stream +-- +2.11.0 + diff -Nru gnutls28-3.3.8/debian/patches/series gnutls28-3.3.8/debian/patches/series --- gnutls28-3.3.8/debian/patches/series 2016-11-01 10:07:52.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/series 2017-03-06 19:15:23.000000000 +0100 @@ -16,3 +16,20 @@ 51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch 52_CVE-2016-7444_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch 53_nettle-use-rsa_-_key_prepare-on-key-import.patch +55_00_pkcs12-fixed-the-calculation-of-p_size.patch +55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch +55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch +55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch +55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch +55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch +55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch +55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch +55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch +55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch +55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch +55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch +55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch +55_13_cdk_pkt_read-enforce-packet-limits.patch +55_14_opencdk-read_attribute-account-buffer-size.patch +55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch +55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
Attachment:
signature.asc
Description: PGP signature