Bug#969369: buster-pu: package node-elliptic/6.4.1_dfsg-1+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
[ Reason ]
node-elliptic allows ECDSA signature maleability via variations in
encoding, leading '\0' bytes, or integer overflows (CVE-2020-13822).
[ Impact ]
This could conceivably have a security-relevant impact if an application
relied on a single canonical signature.
[ Tests ]
No new test, however upstream tests are OK during build and autopkgtest
[ Risks ]
Upstream change is little (just some tests on inputs) and test coverage
seems good
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Just some checks on inputs
diff --git a/debian/changelog b/debian/changelog
index 74b516f..3bc7a59 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+node-elliptic (6.4.1~dfsg-1+deb10u1) buster; urgency=medium
+
+ * Prevent malleability and overflows (Closes: CVE-2020-13822)
+
+ -- Xavier Guimard <yadd@debian.org> Tue, 01 Sep 2020 13:24:44 +0200
+
node-elliptic (6.4.1~dfsg-1) unstable; urgency=medium
[ upstream ]
diff --git a/debian/patches/CVE-2020-13822.patch b/debian/patches/CVE-2020-13822.patch
new file mode 100644
index 0000000..179ecb9
--- /dev/null
+++ b/debian/patches/CVE-2020-13822.patch
@@ -0,0 +1,89 @@
+Description: signature: prevent malleability and overflows
+ CVE-2020-13822
+Author: Fedor Indutny <fedor@indutny.com>
+Origin: upstream, https://github.com/indutny/elliptic/commit/856fe4d9
+Bug: https://github.com/indutny/elliptic/issues/226
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard <yadd@debian.org>
+Last-Update: 2020-09-01
+
+--- a/lib/elliptic/ec/signature.js
++++ b/lib/elliptic/ec/signature.js
+@@ -33,11 +33,24 @@
+ return initial;
+ }
+ var octetLen = initial & 0xf;
++
++ // Indefinite length or overflow
++ if (octetLen === 0 || octetLen > 4) {
++ return false;
++ }
++
+ var val = 0;
+ for (var i = 0, off = p.place; i < octetLen; i++, off++) {
+ val <<= 8;
+ val |= buf[off];
++ val >>>= 0;
+ }
++
++ // Leading zeroes
++ if (val <= 0x7f) {
++ return false;
++ }
++
+ p.place = off;
+ return val;
+ }
+@@ -61,6 +74,9 @@
+ return false;
+ }
+ var len = getLength(data, p);
++ if (len === false) {
++ return false;
++ }
+ if ((len + p.place) !== data.length) {
+ return false;
+ }
+@@ -68,21 +84,37 @@
+ return false;
+ }
+ var rlen = getLength(data, p);
++ if (rlen === false) {
++ return false;
++ }
+ var r = data.slice(p.place, rlen + p.place);
+ p.place += rlen;
+ if (data[p.place++] !== 0x02) {
+ return false;
+ }
+ var slen = getLength(data, p);
++ if (slen === false) {
++ return false;
++ }
+ if (data.length !== slen + p.place) {
+ return false;
+ }
+ var s = data.slice(p.place, slen + p.place);
+- if (r[0] === 0 && (r[1] & 0x80)) {
+- r = r.slice(1);
+- }
+- if (s[0] === 0 && (s[1] & 0x80)) {
+- s = s.slice(1);
++ if (r[0] === 0) {
++ if (r[1] & 0x80) {
++ r = r.slice(1);
++ } else {
++ // Leading zeroes
++ return false;
++ }
++ }
++ if (s[0] === 0) {
++ if (s[1] & 0x80) {
++ s = s.slice(1);
++ } else {
++ // Leading zeroes
++ return false;
++ }
+ }
+
+ this.r = new BN(r);
diff --git a/debian/patches/series b/debian/patches/series
index 0ee9429..d86ab76 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
use-assert.patch
+CVE-2020-13822.patch
Reply to: