Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: gnutls28@packages.debian.org
Hello,
I would like to fix three minor security issues (non-DSA) in stable.
* 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from
3.6.15: It was found by oss-fuzz that the server sending a
"no_renegotiation" alert in an unexpected timing, followed by an invalid
second handshake can cause a TLS 1.3 client to crash via a null-pointer
dereference. The crash happens in the application's error handling path,
where the gnutls_deinit function is called after detecting a handshake
failure.
GNUTLS-SA-2020-09-04 CVE-2020-24659 Closes: #969547
* Pull multiple fixes designated for 3.6.15 bugfix release:
+ 47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch
+ 47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch
+ 47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch
(CVE-2021-20231) and
47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch
(CVE-2021-20232), both together GNUTLS-SA-2021-03-10.
+ 47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
+ 47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
For the latter two I have chose to pick the whole patchset from
upstream's 3.6 branch instead of going for minimal patchset to
minimize potential for error.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
[The following lists of changes regard files as different if they have
different names, permissions or owners.]
Files in second .changes but not in first
-----------------------------------------
-rw-r--r-- root/root /usr/lib/debug/.build-id/a5/52bd1f2b3e277c5f152ee4bfa543405422c9eb.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/b8/65b138a725ed7bfb283c065a3456545653738b.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/bf/7d77672d078e8b8e4ce26a48e80e3770237d37.debug
Files in first .changes but not in second
-----------------------------------------
-rw-r--r-- root/root /usr/lib/debug/.build-id/15/0f941c90e9ce85b45834a40b4a0a4f8f837c63.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/bc/e53405fc0dd81c8428113ca15f83b4a0ef10de.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/e4/b340b2e3c9fa53d8fd14cb8a8e96551f11e60a.debug
Control files of package gnutls-bin: lines which differ (wdiff format)
----------------------------------------------------------------------
Installed-Size: [-1588-] {+1589+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}
Control files of package gnutls-bin-dbgsym: lines which differ (wdiff format)
-----------------------------------------------------------------------------
Depends: gnutls-bin (= [-3.6.7-4+deb10u6)-] {+3.6.7-4+deb10u7)+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}
Control files of package gnutls-doc: lines which differ (wdiff format)
----------------------------------------------------------------------
Installed-Size: [-7333-] {+7334+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}
Control files of package libgnutls-dane0: lines which differ (wdiff format)
---------------------------------------------------------------------------
Depends: libgnutls30 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libc6 (>= 2.14), libunbound8 (>= 1.8.0)
Installed-Size: [-370-] {+371+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}
Control files of package libgnutls-dane0-dbgsym: lines which differ (wdiff format)
----------------------------------------------------------------------------------
Build-Ids: [-150f941c90e9ce85b45834a40b4a0a4f8f837c63-] {+a552bd1f2b3e277c5f152ee4bfa543405422c9eb+}
Depends: libgnutls-dane0 (= [-3.6.7-4+deb10u6)-] {+3.6.7-4+deb10u7)+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}
Control files of package libgnutls-openssl27: lines which differ (wdiff format)
-------------------------------------------------------------------------------
Depends: libgnutls30 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libc6 (>= 2.14)
Installed-Size: [-373-] {+374+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}
Control files of package libgnutls-openssl27-dbgsym: lines which differ (wdiff format)
--------------------------------------------------------------------------------------
Build-Ids: [-e4b340b2e3c9fa53d8fd14cb8a8e96551f11e60a-] {+b865b138a725ed7bfb283c065a3456545653738b+}
Depends: libgnutls-openssl27 (= [-3.6.7-4+deb10u6)-] {+3.6.7-4+deb10u7)+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}
Control files of package libgnutls28-dev: lines which differ (wdiff format)
---------------------------------------------------------------------------
Depends: libc6-dev | libc-dev, libgnutls-dane0 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libgnutls-openssl27 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libgnutls30 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libgnutlsxx28 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libidn2-dev, libp11-kit-dev (>= 0.23.10), libtasn1-6-dev, nettle-dev (>= 3.4.1~rc1)
Installed-Size: [-4316-] {+4317+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}
Control files of package libgnutls30: lines which differ (wdiff format)
-----------------------------------------------------------------------
Installed-Size: [-2648-] {+2649+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}
Control files of package libgnutls30-dbgsym: lines which differ (wdiff format)
------------------------------------------------------------------------------
Build-Ids: [-bce53405fc0dd81c8428113ca15f83b4a0ef10de-] {+bf7d77672d078e8b8e4ce26a48e80e3770237d37+}
Depends: libgnutls30 (= [-3.6.7-4+deb10u6)-] {+3.6.7-4+deb10u7)+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}
Control files of package libgnutlsxx28: lines which differ (wdiff format)
-------------------------------------------------------------------------
Depends: libgnutls30 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libc6 (>= 2.14), libgcc1 (>= 1:3.0), libstdc++6 (>= 5)
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}
Control files of package libgnutlsxx28-dbgsym: lines which differ (wdiff format)
--------------------------------------------------------------------------------
Depends: libgnutlsxx28 (= [-3.6.7-4+deb10u6)-] {+3.6.7-4+deb10u7)+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}
diff -Nru gnutls28-3.6.7/debian/changelog gnutls28-3.6.7/debian/changelog
--- gnutls28-3.6.7/debian/changelog 2021-01-02 18:10:33.000000000 +0100
+++ gnutls28-3.6.7/debian/changelog 2021-05-14 13:33:38.000000000 +0200
@@ -1,3 +1,25 @@
+gnutls28 (3.6.7-4+deb10u7) buster; urgency=medium
+
+ * 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from
+ 3.6.15: It was found by oss-fuzz that the server sending a
+ "no_renegotiation" alert in an unexpected timing, followed by an invalid
+ second handshake can cause a TLS 1.3 client to crash via a null-pointer
+ dereference. The crash happens in the application's error handling path,
+ where the gnutls_deinit function is called after detecting a handshake
+ failure.
+ GNUTLS-SA-2020-09-04 CVE-2020-24659 Closes: #969547
+ * Pull multiple fixes designated for 3.6.15 bugfix release:
+ + 47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch
+ + 47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch
+ + 47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch
+ (CVE-2021-20231) and
+ 47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch
+ (CVE-2021-20232), both together GNUTLS-SA-2021-03-10.
+ + 47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
+ + 47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 14 May 2021 13:33:38 +0200
+
gnutls28 (3.6.7-4+deb10u6) buster; urgency=medium
* 45_4.7.0plus-01_testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
diff -Nru gnutls28-3.6.7/debian/patches/46_handshake-reject-no_renegotiation-alert-if-handshake.patch gnutls28-3.6.7/debian/patches/46_handshake-reject-no_renegotiation-alert-if-handshake.patch
--- gnutls28-3.6.7/debian/patches/46_handshake-reject-no_renegotiation-alert-if-handshake.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/46_handshake-reject-no_renegotiation-alert-if-handshake.patch 2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,112 @@
+From 521e6492b9bbc8ec1519924526942cf2fc719497 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Sat, 22 Aug 2020 17:19:39 +0200
+Subject: [PATCH] handshake: reject no_renegotiation alert if handshake is
+ incomplete
+
+If the initial handshake is incomplete and the server sends a
+no_renegotiation alert, the client should treat it as a fatal error
+even if its level is warning. Otherwise the same handshake
+state (e.g., DHE parameters) are reused in the next gnutls_handshake
+call, if it is called in the loop idiom:
+
+ do {
+ ret = gnutls_handshake(session);
+ } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ ...a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8 | Bin 0 -> 671 bytes
+ ...1da801fb3c6d1f7f846f227721e221adea08aa319c | Bin 0 -> 729 bytes
+ lib/gnutls_int.h | 1 +
+ lib/handshake.c | 48 +++++++++++++-----
+ 4 files changed, 36 insertions(+), 13 deletions(-)
+ create mode 100644 fuzz/gnutls_client_fuzzer.in/00ea40761ce11e769f1817a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8
+ create mode 100644 fuzz/gnutls_psk_client_fuzzer.in/b16434290b77e13d7a983d1da801fb3c6d1f7f846f227721e221adea08aa319c
+
+--- a/lib/gnutls_int.h
++++ b/lib/gnutls_int.h
+@@ -1366,6 +1366,8 @@ typedef struct {
+ #define HSK_RECORD_SIZE_LIMIT_SENT (1<<25) /* record_size_limit extension was sent */
+ #define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */
+
++#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */
++
+ /* The hsk_flags are for use within the ongoing handshake;
+ * they are reset to zero prior to handshake start by gnutls_handshake. */
+ unsigned hsk_flags;
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -1824,6 +1824,8 @@ static int generate_early_traffic_secret
+ session->key.proto.tls13.e_ckey,
+ prf->output_size);
+
++ session->internals.hsk_flags |= HSK_SERVER_HELLO_RECEIVED;
++
+ return 0;
+ }
+
+@@ -2636,16 +2638,42 @@ int gnutls_rehandshake(gnutls_session_t
+ return 0;
+ }
+
++/* This function checks whether the error code should be treated fatal
++ * or not, and also does the necessary state transition. In
++ * particular, in the case of a rehandshake abort it resets the
++ * handshake's internal state.
++ */
+ inline static int
+ _gnutls_abort_handshake(gnutls_session_t session, int ret)
+ {
+- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
+- (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
+- || ret == GNUTLS_E_GOT_APPLICATION_DATA)
+- return 0;
++ switch (ret) {
++ case GNUTLS_E_WARNING_ALERT_RECEIVED:
++ if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) {
++ /* The server always toleretes a "no_renegotiation" alert. */
++ if (session->security_parameters.entity == GNUTLS_SERVER) {
++ STATE = STATE0;
++ return ret;
++ }
+
+- /* this doesn't matter */
+- return GNUTLS_E_INTERNAL_ERROR;
++ /* The client should tolerete a "no_renegotiation" alert only if:
++ * - the initial handshake has completed, or
++ * - a Server Hello is not yet received
++ */
++ if (session->internals.initial_negotiation_completed ||
++ !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) {
++ STATE = STATE0;
++ return ret;
++ }
++
++ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
++ }
++ return ret;
++ case GNUTLS_E_GOT_APPLICATION_DATA:
++ STATE = STATE0;
++ return ret;
++ default:
++ return ret;
++ }
+ }
+
+
+@@ -2807,13 +2835,7 @@ int gnutls_handshake(gnutls_session_t se
+ }
+
+ if (ret < 0) {
+- /* In the case of a rehandshake abort
+- * we should reset the handshake's internal state.
+- */
+- if (_gnutls_abort_handshake(session, ret) == 0)
+- STATE = STATE0;
+-
+- return ret;
++ return _gnutls_abort_handshake(session, ret);
+ }
+
+ /* clear handshake buffer */
diff -Nru gnutls28-3.6.7/debian/patches/47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch gnutls28-3.6.7/debian/patches/47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch
--- gnutls28-3.6.7/debian/patches/47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch 2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,57 @@
+From 54e161b9dabe4bd3b08b532475294a37c7562b45 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Tue, 9 Mar 2021 13:07:26 +0100
+Subject: [PATCH 1/6] gnutls_buffer_append_data: remove duplicated code
+
+The function shared the same logic as in _gnutls_buffer_resize.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/str.c | 24 ++++--------------------
+ 1 file changed, 4 insertions(+), 20 deletions(-)
+
+diff --git a/lib/str.c b/lib/str.c
+index e31449937d..2247fc322b 100644
+--- a/lib/str.c
++++ b/lib/str.c
+@@ -113,7 +113,7 @@ gnutls_buffer_append_data(gnutls_buffer_t dest, const void *data,
+ size_t data_size)
+ {
+ size_t const tot_len = data_size + dest->length;
+- size_t const unused = MEMSUB(dest->data, dest->allocd);
++ int ret;
+
+ if (unlikely(dest->data != NULL && dest->allocd == NULL))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+@@ -126,25 +126,9 @@ gnutls_buffer_append_data(gnutls_buffer_t dest, const void *data,
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ }
+
+- if (dest->max_length >= tot_len) {
+-
+- if (dest->max_length - unused <= tot_len) {
+- align_allocd_with_data(dest);
+- }
+- } else {
+- size_t const new_len =
+- MAX(data_size, MIN_CHUNK) + MAX(dest->max_length,
+- MIN_CHUNK);
+-
+- dest->allocd = gnutls_realloc_fast(dest->allocd, new_len);
+- if (dest->allocd == NULL) {
+- gnutls_assert();
+- return GNUTLS_E_MEMORY_ERROR;
+- }
+- dest->max_length = new_len;
+- dest->data = dest->allocd + unused;
+-
+- align_allocd_with_data(dest);
++ ret = _gnutls_buffer_resize(dest, tot_len);
++ if (ret < 0) {
++ return ret;
+ }
+ assert(dest->data != NULL);
+
+--
+2.30.2
+
diff -Nru gnutls28-3.6.7/debian/patches/47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch gnutls28-3.6.7/debian/patches/47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch
--- gnutls28-3.6.7/debian/patches/47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch 2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,70 @@
+From 65695373e10ed0654bff60fe0dcd00137ddfffe8 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Tue, 9 Mar 2021 13:41:59 +0100
+Subject: [PATCH 2/6] _gnutls_buffer_resize: add option to use allocation
+ simpler logic
+
+This helps detect common mistakes[1] in realloc usage with valgrind,
+where the caller assumes that the original ptr is always returned.
+
+1. https://bugzilla.mozilla.org/show_bug.cgi?id=1377618
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
+---
+ lib/str.c | 32 ++++++++++++++++++++++++++++++++
+ 1 file changed, 32 insertions(+)
+
+diff --git a/lib/str.c b/lib/str.c
+index 2247fc322b..506fe17210 100644
+--- a/lib/str.c
++++ b/lib/str.c
+@@ -138,6 +138,36 @@ gnutls_buffer_append_data(gnutls_buffer_t dest, const void *data,
+ return 0;
+ }
+
++#ifdef AGGRESSIVE_REALLOC
++
++/* Use a simpler logic for reallocation; i.e., always call
++ * gnutls_realloc_fast() and do not reclaim the no-longer-used
++ * area which has been removed from the beginning of buffer
++ * with _gnutls_buffer_pop_datum(). This helps hit more
++ * issues when running under valgrind.
++ */
++int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
++{
++ size_t unused;
++
++ if (unlikely(dest->data != NULL && dest->allocd == NULL))
++ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++
++ unused = MEMSUB(dest->data, dest->allocd);
++ dest->allocd =
++ gnutls_realloc_fast(dest->allocd, new_size);
++ if (dest->allocd == NULL) {
++ gnutls_assert();
++ return GNUTLS_E_MEMORY_ERROR;
++ }
++ dest->max_length = new_size;
++ dest->data = dest->allocd + unused;
++
++ return 0;
++}
++
++#else
++
+ int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
+ {
+ if (unlikely(dest->data != NULL && dest->allocd == NULL))
+@@ -171,6 +201,8 @@ int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
+ }
+ }
+
++#endif
++
+ /* Appends the provided string. The null termination byte is appended
+ * but not included in length.
+ */
+--
+2.30.2
+
diff -Nru gnutls28-3.6.7/debian/patches/47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch gnutls28-3.6.7/debian/patches/47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch
--- gnutls28-3.6.7/debian/patches/47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch 2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,62 @@
+From 254ee88e6f20975604b9247d1764c3fcbac448ee Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 29 Jan 2021 14:06:32 +0100
+Subject: [PATCH 3/6] key_share: avoid use-after-free around realloc
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/ext/key_share.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
+index ab8abf8fe6..a8c4bb5cff 100644
+--- a/lib/ext/key_share.c
++++ b/lib/ext/key_share.c
+@@ -664,14 +664,14 @@ key_share_send_params(gnutls_session_t session,
+ {
+ unsigned i;
+ int ret;
+- unsigned char *lengthp;
+- unsigned int cur_length;
+ unsigned int generated = 0;
+ const gnutls_group_entry_st *group;
+ const version_entry_st *ver;
+
+ /* this extension is only being sent on client side */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
++ unsigned int length_pos;
++
+ ver = _gnutls_version_max(session);
+ if (unlikely(ver == NULL || ver->key_shares == 0))
+ return 0;
+@@ -679,16 +679,13 @@ key_share_send_params(gnutls_session_t session,
+ if (!have_creds_for_tls13(session))
+ return 0;
+
+- /* write the total length later */
+- lengthp = &extdata->data[extdata->length];
++ length_pos = extdata->length;
+
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+- cur_length = extdata->length;
+-
+ if (session->internals.hsk_flags & HSK_HRR_RECEIVED) { /* we know the group */
+ group = get_group(session);
+ if (unlikely(group == NULL))
+@@ -736,7 +733,8 @@ key_share_send_params(gnutls_session_t session,
+ }
+
+ /* copy actual length */
+- _gnutls_write_uint16(extdata->length - cur_length, lengthp);
++ _gnutls_write_uint16(extdata->length - length_pos - 2,
++ &extdata->data[length_pos]);
+
+ } else { /* server */
+ ver = get_version(session);
+--
+2.30.2
+
diff -Nru gnutls28-3.6.7/debian/patches/47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch gnutls28-3.6.7/debian/patches/47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch
--- gnutls28-3.6.7/debian/patches/47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch 2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,60 @@
+From 9bdb7bb60ebddaa8f167e5cfae317dbf202f0e67 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 29 Jan 2021 14:06:50 +0100
+Subject: [PATCH 4/6] pre_shared_key: avoid use-after-free around realloc
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/ext/pre_shared_key.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
+index 240be21625..c66b40e9fd 100644
+--- a/lib/ext/pre_shared_key.c
++++ b/lib/ext/pre_shared_key.c
+@@ -267,7 +267,7 @@ client_send_params(gnutls_session_t session,
+ size_t spos;
+ gnutls_datum_t username = {NULL, 0};
+ gnutls_datum_t user_key = {NULL, 0}, rkey = {NULL, 0};
+- gnutls_datum_t client_hello;
++ unsigned client_hello_len;
+ unsigned next_idx;
+ const mac_entry_st *prf_res = NULL;
+ const mac_entry_st *prf_psk = NULL;
+@@ -430,8 +430,7 @@ client_send_params(gnutls_session_t session,
+ assert(extdata->length >= sizeof(mbuffer_st));
+ assert(ext_offset >= (ssize_t)sizeof(mbuffer_st));
+ ext_offset -= sizeof(mbuffer_st);
+- client_hello.data = extdata->data+sizeof(mbuffer_st);
+- client_hello.size = extdata->length-sizeof(mbuffer_st);
++ client_hello_len = extdata->length-sizeof(mbuffer_st);
+
+ next_idx = 0;
+
+@@ -442,6 +441,11 @@ client_send_params(gnutls_session_t session,
+ }
+
+ if (prf_res && rkey.size > 0) {
++ gnutls_datum_t client_hello;
++
++ client_hello.data = extdata->data+sizeof(mbuffer_st);
++ client_hello.size = client_hello_len;
++
+ ret = compute_psk_binder(session, prf_res,
+ binders_len, binders_pos,
+ ext_offset, &rkey, &client_hello, 1,
+@@ -476,6 +480,11 @@ client_send_params(gnutls_session_t session,
+ }
+
+ if (prf_psk && user_key.size > 0 && info) {
++ gnutls_datum_t client_hello;
++
++ client_hello.data = extdata->data+sizeof(mbuffer_st);
++ client_hello.size = client_hello_len;
++
+ ret = compute_psk_binder(session, prf_psk,
+ binders_len, binders_pos,
+ ext_offset, &user_key, &client_hello, 0,
+--
+2.30.2
+
diff -Nru gnutls28-3.6.7/debian/patches/47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch gnutls28-3.6.7/debian/patches/47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
--- gnutls28-3.6.7/debian/patches/47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch 2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,33 @@
+From 8de3bd90e1d958147331882a51263216b5ea96d2 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Wed, 10 Mar 2021 16:11:29 +0100
+Subject: [PATCH 5/6] _gnutls_buffer_resize: account for unused area if
+ AGGRESSIVE_REALLOC
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/str.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/str.c b/lib/str.c
+index 506fe17210..bc20ebb04f 100644
+--- a/lib/str.c
++++ b/lib/str.c
+@@ -155,12 +155,12 @@ int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
+
+ unused = MEMSUB(dest->data, dest->allocd);
+ dest->allocd =
+- gnutls_realloc_fast(dest->allocd, new_size);
++ gnutls_realloc_fast(dest->allocd, new_size + unused);
+ if (dest->allocd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+- dest->max_length = new_size;
++ dest->max_length = new_size + unused;
+ dest->data = dest->allocd + unused;
+
+ return 0;
+--
+2.30.2
+
diff -Nru gnutls28-3.6.7/debian/patches/47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch gnutls28-3.6.7/debian/patches/47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
--- gnutls28-3.6.7/debian/patches/47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch 2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,50 @@
+From dc07b8228b4bab83af5bcf7a2efd9d2a0f10f628 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Wed, 10 Mar 2021 16:12:23 +0100
+Subject: [PATCH 6/6] str: suppress -Wunused-function if AGGRESSIVE_REALLOC is
+ defined
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/str.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/lib/str.c b/lib/str.c
+index bc20ebb04f..8007340f1e 100644
+--- a/lib/str.c
++++ b/lib/str.c
+@@ -87,15 +87,6 @@ void _gnutls_buffer_clear(gnutls_buffer_st * str)
+
+ #define MIN_CHUNK 1024
+
+-static void align_allocd_with_data(gnutls_buffer_st * dest)
+-{
+- assert(dest->allocd != NULL);
+- assert(dest->data != NULL);
+- if (dest->length)
+- memmove(dest->allocd, dest->data, dest->length);
+- dest->data = dest->allocd;
+-}
+-
+ /**
+ * gnutls_buffer_append_data:
+ * @dest: the buffer to append to
+@@ -168,6 +159,15 @@ int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
+
+ #else
+
++static void align_allocd_with_data(gnutls_buffer_st * dest)
++{
++ assert(dest->allocd != NULL);
++ assert(dest->data != NULL);
++ if (dest->length)
++ memmove(dest->allocd, dest->data, dest->length);
++ dest->data = dest->allocd;
++}
++
+ int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
+ {
+ if (unlikely(dest->data != NULL && dest->allocd == NULL))
+--
+2.30.2
+
diff -Nru gnutls28-3.6.7/debian/patches/series gnutls28-3.6.7/debian/patches/series
--- gnutls28-3.6.7/debian/patches/series 2021-01-02 14:18:50.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/series 2021-05-11 18:13:03.000000000 +0200
@@ -16,3 +16,10 @@
44_rel3.6.14_17-tests-add-test-case-for-certificate-chain-supersedin.patch
44_rel3.6.14_90-stek-differentiate-initial-state-from-valid-time-win.patch
45_4.7.0plus-01_testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
+46_handshake-reject-no_renegotiation-alert-if-handshake.patch
+47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch
+47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch
+47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch
+47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch
+47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
+47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
Attachment:
signature.asc
Description: PGP signature