
From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/, dev-libs/openssl/files/
Date: Fri, 04 Oct 2019 15:48:33
Message-Id: 1570204095.b76774f393a90f6a74371864ec4850f176373b4c.whissi@gentoo
1 commit: b76774f393a90f6a74371864ec4850f176373b4c
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Fri Oct 4 14:04:47 2019 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Fri Oct 4 15:48:15 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b76774f3
7
8 dev-libs/openssl: fix mem leaks with BN_to_ASN1_INTEGER
9
10 Package-Manager: Portage-2.3.76, Repoman-2.3.17
11 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
12
13 ...x-potential-memleaks-w-BN_to_ASN1_INTEGER.patch | 107 +++++++++++++++++++++
14 dev-libs/openssl/openssl-1.1.1d-r1.ebuild | 1 +
15 2 files changed, 108 insertions(+)
16
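diff --git a/dev-libs/openssl/files/openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch b/dev-libs/openssl/files/openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch
new file mode 100644
index 00000000000..1f195d0384c
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch
@@ -0,0 +1,107 @@
+From 515c728dbaa92211d2eafb0041ab9fcd258fdc41 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@×××××××.de>
+Date: Mon, 9 Sep 2019 19:12:25 +0200
+Subject: [PATCH] Fix potential memory leaks with BN_to_ASN1_INTEGER
+
+Reviewed-by: Paul Dale <paul.dale@××××××.com>
+Reviewed-by: Matt Caswell <matt@×××××××.org>
+(Merged from https://github.com/openssl/openssl/pull/9833)
+
+(cherry picked from commit f28bc7d386b25fb75625d0c62c6b2e6d21de0d09)
+---
+ crypto/ec/ec_asn1.c | 7 +++++--
+ crypto/x509v3/v3_asid.c | 26 ++++++++++++++++++++------
+ 2 files changed, 25 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+index 1ce1181fc10..7cbf8de9813 100644
+--- a/crypto/ec/ec_asn1.c
++++ b/crypto/ec/ec_asn1.c
+@@ -446,6 +446,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+ unsigned char *buffer = NULL;
+ const EC_POINT *point = NULL;
+ point_conversion_form_t form;
++ ASN1_INTEGER *orig;
+
+ if (params == NULL) {
+ if ((ret = ECPARAMETERS_new()) == NULL) {
+@@ -496,8 +497,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+ ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+ goto err;
+ }
+- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
++ ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);
+ if (ret->order == NULL) {
++ ret->order = orig;
+ ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
+ goto err;
+ }
+@@ -505,8 +507,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+ /* set the cofactor (optional) */
+ tmp = EC_GROUP_get0_cofactor(group);
+ if (tmp != NULL) {
+- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
++ ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor);
+ if (ret->cofactor == NULL) {
++ ret->cofactor = orig;
+ ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
+ goto err;
+ }
+diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
+index 089f2ae29f0..ef2d64826fb 100644
+--- a/crypto/x509v3/v3_asid.c
++++ b/crypto/x509v3/v3_asid.c
+@@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor,
+ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+ {
+ ASN1_INTEGER *a_max_plus_one = NULL;
++ ASN1_INTEGER *orig;
+ BIGNUM *bn = NULL;
+ int i, ret = 0;
+
+@@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+ */
+ if ((bn == NULL && (bn = BN_new()) == NULL) ||
+ ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+- !BN_add_word(bn, 1) ||
+- (a_max_plus_one =
+- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
++ !BN_add_word(bn, 1)) {
++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
++ ERR_R_MALLOC_FAILURE);
++ goto done;
++ }
++
++ if ((a_max_plus_one =
++ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
++ a_max_plus_one = orig;
+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+ ERR_R_MALLOC_FAILURE);
+ goto done;
+@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid)
+ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+ {
+ ASN1_INTEGER *a_max_plus_one = NULL;
++ ASN1_INTEGER *orig;
+ BIGNUM *bn = NULL;
+ int i, ret = 0;
+
+@@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+ */
+ if ((bn == NULL && (bn = BN_new()) == NULL) ||
+ ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+- !BN_add_word(bn, 1) ||
+- (a_max_plus_one =
+- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
++ !BN_add_word(bn, 1)) {
++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
++ ERR_R_MALLOC_FAILURE);
++ goto done;
++ }
++
++ if ((a_max_plus_one =
++ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
++ a_max_plus_one = orig;
+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+ ERR_R_MALLOC_FAILURE);
+ goto done;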
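Review bot: The restore `ret->order = orig;` in crypto/ec/ec_asn1.c (and the same pattern for `ret->cofactor`, and for `a_max_plus_one` in both crypto/x509v3/v3_asid.c functions) relies on BN_to_ASN1_INTEGER() leaving a caller-supplied ASN1_INTEGER unfreed when it returns NULL, and nothing in the new code records that. A one-line comment at the first site, such as `/* on failure the passed-in ASN1_INTEGER is not freed; keep it so cleanup releases it */`, would keep a later tidy-up from removing the restore and reintroducing the leak. The save is also tucked into the argument list (`BN_to_ASN1_INTEGER(tmp, orig = ret->order)`) while `orig` is declared without an initialiser; a separate `orig = ret->order;` statement before each call is equivalent and easier to audit. The `err:` and `done:` cleanup paths lie outside the hunks, so that they free the restored pointer is inferred rather than visible here.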
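diff --git a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
index b9fd0c73a62..db1ec434fd7 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
@@ -46,6 +46,7 @@ PDEPEND="app-misc/ca-certificates"
 PATCHES=(
 "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
 "${FILESDIR}"/${P}-fix-zlib.patch
+ "${FILESDIR}"/${P}-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch
 )
 
 S="${WORKDIR}/${MY_P}"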
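Review bot: The new PATCHES entry changes what openssl-1.1.1d-r1 builds, yet the commit edits the existing -r1 ebuild in place instead of adding a new revision, so a machine that has already merged 1.1.1d-r1 would not be rebuilt and would keep the leaking code. Whether -r1 had already reached users is not visible from this page; if it had, the entry belongs in a bumped revision. The entry also carries no provenance, unlike the `#671602` tag two lines above it. A trailing comment such as `# upstream PR 9833` (the pull request named in the patch header) would let a later maintainer verify the backport and drop it once the fix ships in an upstream release.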