[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#988508: marked as done (buster-pu: package gnutls28/3.6.7-4+deb10u7)

Your message dated Sat, 19 Jun 2021 10:56:39 +0100
with message-id <5c65c3ad2ac9b1b1f78bf73b1cf073041e619b51.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 10.10 point release
has caused the Debian Bug report #988508,
regarding buster-pu: package gnutls28/3.6.7-4+deb10u7
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
988508: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988508
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: gnutls28@packages.debian.org

Hello,

I would like to fix three minor security issues (non-DSA) in stable.
* 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from
  3.6.15: It was found by oss-fuzz that the server sending a
  "no_renegotiation" alert in an unexpected timing, followed by an invalid
  second handshake can cause a TLS 1.3 client to crash via a null-pointer
  dereference. The crash happens in the application's error handling path,
  where the gnutls_deinit function is called after detecting a handshake
  failure.
  GNUTLS-SA-2020-09-04 CVE-2020-24659 Closes: #969547
* Pull multiple fixes designated for 3.6.15 bugfix release:
  + 47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch
  + 47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch
  + 47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch
    (CVE-2021-20231) and
    47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch
    (CVE-2021-20232), both together GNUTLS-SA-2021-03-10.
  + 47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
  + 47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch

For the latter two I have chose to pick the whole patchset from
upstream's 3.6 branch instead of going for minimal patchset to
minimize potential for error.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

[The following lists of changes regard files as different if they have
different names, permissions or owners.]

Files in second .changes but not in first
-----------------------------------------
-rw-r--r--  root/root   /usr/lib/debug/.build-id/a5/52bd1f2b3e277c5f152ee4bfa543405422c9eb.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/b8/65b138a725ed7bfb283c065a3456545653738b.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/bf/7d77672d078e8b8e4ce26a48e80e3770237d37.debug

Files in first .changes but not in second
-----------------------------------------
-rw-r--r--  root/root   /usr/lib/debug/.build-id/15/0f941c90e9ce85b45834a40b4a0a4f8f837c63.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/bc/e53405fc0dd81c8428113ca15f83b4a0ef10de.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/e4/b340b2e3c9fa53d8fd14cb8a8e96551f11e60a.debug

Control files of package gnutls-bin: lines which differ (wdiff format)
----------------------------------------------------------------------
Installed-Size: [-1588-] {+1589+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}

Control files of package gnutls-bin-dbgsym: lines which differ (wdiff format)
-----------------------------------------------------------------------------
Depends: gnutls-bin (= [-3.6.7-4+deb10u6)-] {+3.6.7-4+deb10u7)+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}

Control files of package gnutls-doc: lines which differ (wdiff format)
----------------------------------------------------------------------
Installed-Size: [-7333-] {+7334+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}

Control files of package libgnutls-dane0: lines which differ (wdiff format)
---------------------------------------------------------------------------
Depends: libgnutls30 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libc6 (>= 2.14), libunbound8 (>= 1.8.0)
Installed-Size: [-370-] {+371+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}

Control files of package libgnutls-dane0-dbgsym: lines which differ (wdiff format)
----------------------------------------------------------------------------------
Build-Ids: [-150f941c90e9ce85b45834a40b4a0a4f8f837c63-] {+a552bd1f2b3e277c5f152ee4bfa543405422c9eb+}
Depends: libgnutls-dane0 (= [-3.6.7-4+deb10u6)-] {+3.6.7-4+deb10u7)+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}

Control files of package libgnutls-openssl27: lines which differ (wdiff format)
-------------------------------------------------------------------------------
Depends: libgnutls30 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libc6 (>= 2.14)
Installed-Size: [-373-] {+374+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}

Control files of package libgnutls-openssl27-dbgsym: lines which differ (wdiff format)
--------------------------------------------------------------------------------------
Build-Ids: [-e4b340b2e3c9fa53d8fd14cb8a8e96551f11e60a-] {+b865b138a725ed7bfb283c065a3456545653738b+}
Depends: libgnutls-openssl27 (= [-3.6.7-4+deb10u6)-] {+3.6.7-4+deb10u7)+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}

Control files of package libgnutls28-dev: lines which differ (wdiff format)
---------------------------------------------------------------------------
Depends: libc6-dev | libc-dev, libgnutls-dane0 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libgnutls-openssl27 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libgnutls30 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libgnutlsxx28 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libidn2-dev, libp11-kit-dev (>= 0.23.10), libtasn1-6-dev, nettle-dev (>= 3.4.1~rc1)
Installed-Size: [-4316-] {+4317+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}

Control files of package libgnutls30: lines which differ (wdiff format)
-----------------------------------------------------------------------
Installed-Size: [-2648-] {+2649+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}

Control files of package libgnutls30-dbgsym: lines which differ (wdiff format)
------------------------------------------------------------------------------
Build-Ids: [-bce53405fc0dd81c8428113ca15f83b4a0ef10de-] {+bf7d77672d078e8b8e4ce26a48e80e3770237d37+}
Depends: libgnutls30 (= [-3.6.7-4+deb10u6)-] {+3.6.7-4+deb10u7)+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}

Control files of package libgnutlsxx28: lines which differ (wdiff format)
-------------------------------------------------------------------------
Depends: libgnutls30 (= [-3.6.7-4+deb10u6),-] {+3.6.7-4+deb10u7),+} libc6 (>= 2.14), libgcc1 (>= 1:3.0), libstdc++6 (>= 5)
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}

Control files of package libgnutlsxx28-dbgsym: lines which differ (wdiff format)
--------------------------------------------------------------------------------
Depends: libgnutlsxx28 (= [-3.6.7-4+deb10u6)-] {+3.6.7-4+deb10u7)+}
Version: [-3.6.7-4+deb10u6-] {+3.6.7-4+deb10u7+}



diff -Nru gnutls28-3.6.7/debian/changelog gnutls28-3.6.7/debian/changelog
--- gnutls28-3.6.7/debian/changelog	2021-01-02 18:10:33.000000000 +0100
+++ gnutls28-3.6.7/debian/changelog	2021-05-14 13:33:38.000000000 +0200
@@ -1,3 +1,25 @@
+gnutls28 (3.6.7-4+deb10u7) buster; urgency=medium
+
+  * 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from
+    3.6.15: It was found by oss-fuzz that the server sending a
+    "no_renegotiation" alert in an unexpected timing, followed by an invalid
+    second handshake can cause a TLS 1.3 client to crash via a null-pointer
+    dereference. The crash happens in the application's error handling path,
+    where the gnutls_deinit function is called after detecting a handshake
+    failure.
+    GNUTLS-SA-2020-09-04 CVE-2020-24659 Closes: #969547
+  * Pull multiple fixes designated for 3.6.15 bugfix release:
+    + 47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch
+    + 47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch
+    + 47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch
+      (CVE-2021-20231) and
+      47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch
+      (CVE-2021-20232), both together GNUTLS-SA-2021-03-10.
+    + 47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
+    + 47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
+
+ -- Andreas Metzler <ametzler@debian.org>  Fri, 14 May 2021 13:33:38 +0200
+
 gnutls28 (3.6.7-4+deb10u6) buster; urgency=medium
 
   * 45_4.7.0plus-01_testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
diff -Nru gnutls28-3.6.7/debian/patches/46_handshake-reject-no_renegotiation-alert-if-handshake.patch gnutls28-3.6.7/debian/patches/46_handshake-reject-no_renegotiation-alert-if-handshake.patch
--- gnutls28-3.6.7/debian/patches/46_handshake-reject-no_renegotiation-alert-if-handshake.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/46_handshake-reject-no_renegotiation-alert-if-handshake.patch	2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,112 @@
+From 521e6492b9bbc8ec1519924526942cf2fc719497 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Sat, 22 Aug 2020 17:19:39 +0200
+Subject: [PATCH] handshake: reject no_renegotiation alert if handshake is
+ incomplete
+
+If the initial handshake is incomplete and the server sends a
+no_renegotiation alert, the client should treat it as a fatal error
+even if its level is warning.  Otherwise the same handshake
+state (e.g., DHE parameters) are reused in the next gnutls_handshake
+call, if it is called in the loop idiom:
+
+  do {
+          ret = gnutls_handshake(session);
+  } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ ...a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8 | Bin 0 -> 671 bytes
+ ...1da801fb3c6d1f7f846f227721e221adea08aa319c | Bin 0 -> 729 bytes
+ lib/gnutls_int.h                              |   1 +
+ lib/handshake.c                               |  48 +++++++++++++-----
+ 4 files changed, 36 insertions(+), 13 deletions(-)
+ create mode 100644 fuzz/gnutls_client_fuzzer.in/00ea40761ce11e769f1817a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8
+ create mode 100644 fuzz/gnutls_psk_client_fuzzer.in/b16434290b77e13d7a983d1da801fb3c6d1f7f846f227721e221adea08aa319c
+
+--- a/lib/gnutls_int.h
++++ b/lib/gnutls_int.h
+@@ -1366,6 +1366,8 @@ typedef struct {
+ #define HSK_RECORD_SIZE_LIMIT_SENT (1<<25) /* record_size_limit extension was sent */
+ #define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */
+ 
++#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */
++
+ 	/* The hsk_flags are for use within the ongoing handshake;
+ 	 * they are reset to zero prior to handshake start by gnutls_handshake. */
+ 	unsigned hsk_flags;
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -1824,6 +1824,8 @@ static int generate_early_traffic_secret
+ 				 session->key.proto.tls13.e_ckey,
+ 				 prf->output_size);
+ 
++	session->internals.hsk_flags |= HSK_SERVER_HELLO_RECEIVED;
++
+ 	return 0;
+ }
+ 
+@@ -2636,16 +2638,42 @@ int gnutls_rehandshake(gnutls_session_t
+ 	return 0;
+ }
+ 
++/* This function checks whether the error code should be treated fatal
++ * or not, and also does the necessary state transition.  In
++ * particular, in the case of a rehandshake abort it resets the
++ * handshake's internal state.
++ */
+ inline static int
+ _gnutls_abort_handshake(gnutls_session_t session, int ret)
+ {
+-	if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
+-	     (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
+-	    || ret == GNUTLS_E_GOT_APPLICATION_DATA)
+-		return 0;
++	switch (ret) {
++	case GNUTLS_E_WARNING_ALERT_RECEIVED:
++		if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) {
++			/* The server always toleretes a "no_renegotiation" alert. */
++			if (session->security_parameters.entity == GNUTLS_SERVER) {
++				STATE = STATE0;
++				return ret;
++			}
+ 
+-	/* this doesn't matter */
+-	return GNUTLS_E_INTERNAL_ERROR;
++			/* The client should tolerete a "no_renegotiation" alert only if:
++			 * - the initial handshake has completed, or
++			 * - a Server Hello is not yet received
++			 */
++			if (session->internals.initial_negotiation_completed ||
++			    !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) {
++				STATE = STATE0;
++				return ret;
++			}
++
++			return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
++		}
++		return ret;
++	case GNUTLS_E_GOT_APPLICATION_DATA:
++		STATE = STATE0;
++		return ret;
++	default:
++		return ret;
++	}
+ }
+ 
+ 
+@@ -2807,13 +2835,7 @@ int gnutls_handshake(gnutls_session_t se
+ 	}
+ 
+ 	if (ret < 0) {
+-		/* In the case of a rehandshake abort
+-		 * we should reset the handshake's internal state.
+-		 */
+-		if (_gnutls_abort_handshake(session, ret) == 0)
+-			STATE = STATE0;
+-
+-		return ret;
++		return _gnutls_abort_handshake(session, ret);
+ 	}
+ 
+ 	/* clear handshake buffer */
diff -Nru gnutls28-3.6.7/debian/patches/47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch gnutls28-3.6.7/debian/patches/47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch
--- gnutls28-3.6.7/debian/patches/47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch	2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,57 @@
+From 54e161b9dabe4bd3b08b532475294a37c7562b45 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Tue, 9 Mar 2021 13:07:26 +0100
+Subject: [PATCH 1/6] gnutls_buffer_append_data: remove duplicated code
+
+The function shared the same logic as in _gnutls_buffer_resize.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/str.c | 24 ++++--------------------
+ 1 file changed, 4 insertions(+), 20 deletions(-)
+
+diff --git a/lib/str.c b/lib/str.c
+index e31449937d..2247fc322b 100644
+--- a/lib/str.c
++++ b/lib/str.c
+@@ -113,7 +113,7 @@ gnutls_buffer_append_data(gnutls_buffer_t dest, const void *data,
+ 			   size_t data_size)
+ {
+ 	size_t const tot_len = data_size + dest->length;
+-	size_t const unused = MEMSUB(dest->data, dest->allocd);
++	int ret;
+ 
+ 	if (unlikely(dest->data != NULL && dest->allocd == NULL))
+ 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+@@ -126,25 +126,9 @@ gnutls_buffer_append_data(gnutls_buffer_t dest, const void *data,
+ 		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ 	}
+ 
+-	if (dest->max_length >= tot_len) {
+-
+-		if (dest->max_length - unused <= tot_len) {
+-			align_allocd_with_data(dest);
+-		}
+-	} else {
+-		size_t const new_len =
+-		    MAX(data_size, MIN_CHUNK) + MAX(dest->max_length,
+-						    MIN_CHUNK);
+-
+-		dest->allocd = gnutls_realloc_fast(dest->allocd, new_len);
+-		if (dest->allocd == NULL) {
+-			gnutls_assert();
+-			return GNUTLS_E_MEMORY_ERROR;
+-		}
+-		dest->max_length = new_len;
+-		dest->data = dest->allocd + unused;
+-
+-		align_allocd_with_data(dest);
++	ret = _gnutls_buffer_resize(dest, tot_len);
++	if (ret < 0) {
++		return ret;
+ 	}
+ 	assert(dest->data != NULL);
+ 
+-- 
+2.30.2
+
diff -Nru gnutls28-3.6.7/debian/patches/47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch gnutls28-3.6.7/debian/patches/47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch
--- gnutls28-3.6.7/debian/patches/47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch	2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,70 @@
+From 65695373e10ed0654bff60fe0dcd00137ddfffe8 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Tue, 9 Mar 2021 13:41:59 +0100
+Subject: [PATCH 2/6] _gnutls_buffer_resize: add option to use allocation
+ simpler logic
+
+This helps detect common mistakes[1] in realloc usage with valgrind,
+where the caller assumes that the original ptr is always returned.
+
+1. https://bugzilla.mozilla.org/show_bug.cgi?id=1377618
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
+---
+ lib/str.c | 32 ++++++++++++++++++++++++++++++++
+ 1 file changed, 32 insertions(+)
+
+diff --git a/lib/str.c b/lib/str.c
+index 2247fc322b..506fe17210 100644
+--- a/lib/str.c
++++ b/lib/str.c
+@@ -138,6 +138,36 @@ gnutls_buffer_append_data(gnutls_buffer_t dest, const void *data,
+ 	return 0;
+ }
+ 
++#ifdef AGGRESSIVE_REALLOC
++
++/* Use a simpler logic for reallocation; i.e., always call
++ * gnutls_realloc_fast() and do not reclaim the no-longer-used
++ * area which has been removed from the beginning of buffer
++ * with _gnutls_buffer_pop_datum().  This helps hit more
++ * issues when running under valgrind.
++ */
++int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
++{
++	size_t unused;
++
++	if (unlikely(dest->data != NULL && dest->allocd == NULL))
++		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++
++	unused = MEMSUB(dest->data, dest->allocd);
++	dest->allocd =
++	    gnutls_realloc_fast(dest->allocd, new_size);
++	if (dest->allocd == NULL) {
++		gnutls_assert();
++		return GNUTLS_E_MEMORY_ERROR;
++	}
++	dest->max_length = new_size;
++	dest->data = dest->allocd + unused;
++
++	return 0;
++}
++
++#else
++
+ int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
+ {
+ 	if (unlikely(dest->data != NULL && dest->allocd == NULL))
+@@ -171,6 +201,8 @@ int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
+ 	}
+ }
+ 
++#endif
++
+ /* Appends the provided string. The null termination byte is appended
+  * but not included in length.
+  */
+-- 
+2.30.2
+
diff -Nru gnutls28-3.6.7/debian/patches/47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch gnutls28-3.6.7/debian/patches/47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch
--- gnutls28-3.6.7/debian/patches/47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch	2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,62 @@
+From 254ee88e6f20975604b9247d1764c3fcbac448ee Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 29 Jan 2021 14:06:32 +0100
+Subject: [PATCH 3/6] key_share: avoid use-after-free around realloc
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/ext/key_share.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
+index ab8abf8fe6..a8c4bb5cff 100644
+--- a/lib/ext/key_share.c
++++ b/lib/ext/key_share.c
+@@ -664,14 +664,14 @@ key_share_send_params(gnutls_session_t session,
+ {
+ 	unsigned i;
+ 	int ret;
+-	unsigned char *lengthp;
+-	unsigned int cur_length;
+ 	unsigned int generated = 0;
+ 	const gnutls_group_entry_st *group;
+ 	const version_entry_st *ver;
+ 
+ 	/* this extension is only being sent on client side */
+ 	if (session->security_parameters.entity == GNUTLS_CLIENT) {
++		unsigned int length_pos;
++
+ 		ver = _gnutls_version_max(session);
+ 		if (unlikely(ver == NULL || ver->key_shares == 0))
+ 			return 0;
+@@ -679,16 +679,13 @@ key_share_send_params(gnutls_session_t session,
+ 		if (!have_creds_for_tls13(session))
+ 			return 0;
+ 
+-		/* write the total length later */
+-		lengthp = &extdata->data[extdata->length];
++		length_pos = extdata->length;
+ 
+ 		ret =
+ 		    _gnutls_buffer_append_prefix(extdata, 16, 0);
+ 		if (ret < 0)
+ 			return gnutls_assert_val(ret);
+ 
+-		cur_length = extdata->length;
+-
+ 		if (session->internals.hsk_flags & HSK_HRR_RECEIVED) { /* we know the group */
+ 			group = get_group(session);
+ 			if (unlikely(group == NULL))
+@@ -736,7 +733,8 @@ key_share_send_params(gnutls_session_t session,
+ 		}
+ 
+ 		/* copy actual length */
+-		_gnutls_write_uint16(extdata->length - cur_length, lengthp);
++		_gnutls_write_uint16(extdata->length - length_pos - 2,
++				     &extdata->data[length_pos]);
+ 
+ 	} else { /* server */
+ 		ver = get_version(session);
+-- 
+2.30.2
+
diff -Nru gnutls28-3.6.7/debian/patches/47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch gnutls28-3.6.7/debian/patches/47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch
--- gnutls28-3.6.7/debian/patches/47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch	2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,60 @@
+From 9bdb7bb60ebddaa8f167e5cfae317dbf202f0e67 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 29 Jan 2021 14:06:50 +0100
+Subject: [PATCH 4/6] pre_shared_key: avoid use-after-free around realloc
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/ext/pre_shared_key.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
+index 240be21625..c66b40e9fd 100644
+--- a/lib/ext/pre_shared_key.c
++++ b/lib/ext/pre_shared_key.c
+@@ -267,7 +267,7 @@ client_send_params(gnutls_session_t session,
+ 	size_t spos;
+ 	gnutls_datum_t username = {NULL, 0};
+ 	gnutls_datum_t user_key = {NULL, 0}, rkey = {NULL, 0};
+-	gnutls_datum_t client_hello;
++	unsigned client_hello_len;
+ 	unsigned next_idx;
+ 	const mac_entry_st *prf_res = NULL;
+ 	const mac_entry_st *prf_psk = NULL;
+@@ -430,8 +430,7 @@ client_send_params(gnutls_session_t session,
+ 	assert(extdata->length >= sizeof(mbuffer_st));
+ 	assert(ext_offset >= (ssize_t)sizeof(mbuffer_st));
+ 	ext_offset -= sizeof(mbuffer_st);
+-	client_hello.data = extdata->data+sizeof(mbuffer_st);
+-	client_hello.size = extdata->length-sizeof(mbuffer_st);
++	client_hello_len = extdata->length-sizeof(mbuffer_st);
+ 
+ 	next_idx = 0;
+ 
+@@ -442,6 +441,11 @@ client_send_params(gnutls_session_t session,
+ 	}
+ 
+ 	if (prf_res && rkey.size > 0) {
++		gnutls_datum_t client_hello;
++
++		client_hello.data = extdata->data+sizeof(mbuffer_st);
++		client_hello.size = client_hello_len;
++
+ 		ret = compute_psk_binder(session, prf_res,
+ 					 binders_len, binders_pos,
+ 					 ext_offset, &rkey, &client_hello, 1,
+@@ -476,6 +480,11 @@ client_send_params(gnutls_session_t session,
+ 	}
+ 
+ 	if (prf_psk && user_key.size > 0 && info) {
++		gnutls_datum_t client_hello;
++
++		client_hello.data = extdata->data+sizeof(mbuffer_st);
++		client_hello.size = client_hello_len;
++
+ 		ret = compute_psk_binder(session, prf_psk,
+ 					 binders_len, binders_pos,
+ 					 ext_offset, &user_key, &client_hello, 0,
+-- 
+2.30.2
+
diff -Nru gnutls28-3.6.7/debian/patches/47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch gnutls28-3.6.7/debian/patches/47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
--- gnutls28-3.6.7/debian/patches/47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch	2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,33 @@
+From 8de3bd90e1d958147331882a51263216b5ea96d2 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Wed, 10 Mar 2021 16:11:29 +0100
+Subject: [PATCH 5/6] _gnutls_buffer_resize: account for unused area if
+ AGGRESSIVE_REALLOC
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/str.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/str.c b/lib/str.c
+index 506fe17210..bc20ebb04f 100644
+--- a/lib/str.c
++++ b/lib/str.c
+@@ -155,12 +155,12 @@ int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
+ 
+ 	unused = MEMSUB(dest->data, dest->allocd);
+ 	dest->allocd =
+-	    gnutls_realloc_fast(dest->allocd, new_size);
++	    gnutls_realloc_fast(dest->allocd, new_size + unused);
+ 	if (dest->allocd == NULL) {
+ 		gnutls_assert();
+ 		return GNUTLS_E_MEMORY_ERROR;
+ 	}
+-	dest->max_length = new_size;
++	dest->max_length = new_size + unused;
+ 	dest->data = dest->allocd + unused;
+ 
+ 	return 0;
+-- 
+2.30.2
+
diff -Nru gnutls28-3.6.7/debian/patches/47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch gnutls28-3.6.7/debian/patches/47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
--- gnutls28-3.6.7/debian/patches/47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch	2021-05-11 18:08:00.000000000 +0200
@@ -0,0 +1,50 @@
+From dc07b8228b4bab83af5bcf7a2efd9d2a0f10f628 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Wed, 10 Mar 2021 16:12:23 +0100
+Subject: [PATCH 6/6] str: suppress -Wunused-function if AGGRESSIVE_REALLOC is
+ defined
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/str.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/lib/str.c b/lib/str.c
+index bc20ebb04f..8007340f1e 100644
+--- a/lib/str.c
++++ b/lib/str.c
+@@ -87,15 +87,6 @@ void _gnutls_buffer_clear(gnutls_buffer_st * str)
+ 
+ #define MIN_CHUNK 1024
+ 
+-static void align_allocd_with_data(gnutls_buffer_st * dest)
+-{
+-	assert(dest->allocd != NULL);
+-	assert(dest->data != NULL);
+-	if (dest->length)
+-		memmove(dest->allocd, dest->data, dest->length);
+-	dest->data = dest->allocd;
+-}
+-
+ /**
+  * gnutls_buffer_append_data:
+  * @dest: the buffer to append to
+@@ -168,6 +159,15 @@ int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
+ 
+ #else
+ 
++static void align_allocd_with_data(gnutls_buffer_st * dest)
++{
++	assert(dest->allocd != NULL);
++	assert(dest->data != NULL);
++	if (dest->length)
++		memmove(dest->allocd, dest->data, dest->length);
++	dest->data = dest->allocd;
++}
++
+ int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
+ {
+ 	if (unlikely(dest->data != NULL && dest->allocd == NULL))
+-- 
+2.30.2
+
diff -Nru gnutls28-3.6.7/debian/patches/series gnutls28-3.6.7/debian/patches/series
--- gnutls28-3.6.7/debian/patches/series	2021-01-02 14:18:50.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/series	2021-05-11 18:13:03.000000000 +0200
@@ -16,3 +16,10 @@
 44_rel3.6.14_17-tests-add-test-case-for-certificate-chain-supersedin.patch
 44_rel3.6.14_90-stek-differentiate-initial-state-from-valid-time-win.patch
 45_4.7.0plus-01_testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
+46_handshake-reject-no_renegotiation-alert-if-handshake.patch
+47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch
+47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch
+47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch
+47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch
+47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
+47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 10.10

Hi,

Each of the updates referenced in these bugs was included in the 10.10
point release today.

Regards,

Adam

--- End Message ---
Reply to: