
From: Mike Gilbert <floppym@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
Date: Tue, 12 May 2020 16:02:59
Message-Id: 1589299368.27513d77015771f8604d9a21f388e9846c8c650a.floppym@gentoo
1 commit: 27513d77015771f8604d9a21f388e9846c8c650a
2 Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
3 AuthorDate: Tue May 12 16:01:57 2020 +0000
4 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
5 CommitDate: Tue May 12 16:02:48 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27513d77
7
8 net-vpn/openconnect: fix buffer overflow in get_cert_name
9
10 Closes: https://bugs.gentoo.org/721570
11 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
12
13 .../files/8.09-gnutls-buffer-overflow.patch | 62 ++++++++++++++++++++++
14 ...nect-8.09.ebuild => openconnect-8.09-r1.ebuild} | 3 ++
15 2 files changed, 65 insertions(+)
16
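diff --git a/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch b/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch
new file mode 100644
index 00000000000..bf8990ae3d3
--- /dev/null
+++ b/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch
@@ -0,0 +1,62 @@
+From eef4c1f9d24478aa1d2dd9ac7ec32efb2137f474 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyfox@g.o>
+Date: Fri, 8 May 2020 10:39:41 -0400
+Subject: [PATCH] gnutls: prevent buffer overflow in get_cert_name
+
+The test suite for ocserv calls openconnect with a certificate that has
+a name that is 84 bytes in length. The buffer passed to get_cert_name is
+currently 80 bytes.
+
+The gnutls_x509_crt_get_dn_by_oid function will update the buffer size
+parameter if the buffer is too small.
+
+http://man7.org/linux/man-pages/man3/gnutls_x509_crt_get_dn_by_oid.3.html
+
+RETURNS
+ GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long
+ enough, and in that case the buf_size will be updated with the
+ required size. GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there are no
+ data in the current index. On success 0 is returned.
+
+Use a temporary variable to avoid clobbering the namelen variable that is
+passed to get_cert_name.
+
+Bug: https://bugs.gentoo.org/721570
+Signed-off-by: Sergei Trofimovich <slyfox@g.o>
+Signed-off-by: Mike Gilbert <floppym@g.o>
+---
+ gnutls.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/gnutls.c b/gnutls.c
+index 36bc82e0..53bf2a43 100644
+--- a/gnutls.c
++++ b/gnutls.c
+@@ -546,12 +546,19 @@ static int count_x509_certificates(gnutls_datum_t *datum)
+
+ static int get_cert_name(gnutls_x509_crt_t cert, char *name, size_t namelen)
+ {
++ /* When the name buffer is not big enough, gnutls_x509_crt_get_dn*() will
++ * update the length argument to the required size, and return
++ * GNUTLS_E_SHORT_MEMORY_BUFFER. We need to avoid clobbering the original
++ * length variable. */
++ size_t nl = namelen;
+ if (gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
+- 0, 0, name, &namelen) &&
+- gnutls_x509_crt_get_dn(cert, name, &namelen)) {
+- name[namelen-1] = 0;
+- snprintf(name, namelen-1, "<unknown>");
+- return -EINVAL;
++ 0, 0, name, &nl)) {
++ nl = namelen;
++ if (gnutls_x509_crt_get_dn(cert, name, &nl)) {
++ name[namelen-1] = 0;
++ snprintf(name, namelen-1, "<unknown>");
++ return -EINVAL;
++ }
+ }
+ return 0;
+ }
+--
+2.26.2
+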
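Review bot: The failure branch of get_cert_name in the embedded gnutls.c patch still assumes namelen is at least 2: `name[namelen-1] = 0;` wraps to index SIZE_MAX when namelen is 0, and the explicit terminator is redundant because snprintf already terminates within the size it is given. Since this function exists to bound writes into a caller-supplied buffer, I would replace both lines with `if (namelen) snprintf(name, namelen, "<unknown>");`. The callers are not visible here (the commit message mentions an 80-byte buffer), so this is hardening rather than a demonstrated bug. It would also help to extend the new comment to say that a name longer than the buffer is reported as "<unknown>" with -EINVAL rather than truncated, so callers know the result is a placeholder and not certificate data.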
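diff --git a/net-vpn/openconnect/openconnect-8.09.ebuild b/net-vpn/openconnect/openconnect-8.09-r1.ebuild
similarity index 97%
rename from net-vpn/openconnect/openconnect-8.09.ebuild
rename to net-vpn/openconnect/openconnect-8.09-r1.ebuild
index 5e1e96852d1..a55ca7731ca 100644
--- a/net-vpn/openconnect/openconnect-8.09.ebuild
+++ b/net-vpn/openconnect/openconnect-8.09-r1.ebuild
@@ -78,6 +78,9 @@ src_unpack() {
 }
 
 src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}"/8.09-gnutls-buffer-overflow.patch
+ )
 default
 if [[ ${PV} == 9999 ]]; then
 eautoreconf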