public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Eray Aslan" <eras@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-crypt/mit-krb5/files/
Date: Tue, 10 Nov 2020 07:45:29 +0000 (UTC)	[thread overview]
Message-ID: <1604994323.295e514a3ac604a4acbdae3dd3d18d7372fdfe2e.eras@gentoo> (raw)

commit:     295e514a3ac604a4acbdae3dd3d18d7372fdfe2e
Author:     Eray Aslan <eras <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 10 07:45:08 2020 +0000
Commit:     Eray Aslan <eras <AT> gentoo <DOT> org>
CommitDate: Tue Nov 10 07:45:23 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=295e514a

app-crypt/mit-krb5: add missing patch

Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Eray Aslan <eras <AT> gentoo.org>

 app-crypt/mit-krb5/files/CVE-2020-28196.patch | 71 +++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/app-crypt/mit-krb5/files/CVE-2020-28196.patch b/app-crypt/mit-krb5/files/CVE-2020-28196.patch
new file mode 100644
index 00000000000..486078437e8
--- /dev/null
+++ b/app-crypt/mit-krb5/files/CVE-2020-28196.patch
@@ -0,0 +1,71 @@
+diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c
+index a160cf4fe8..cd6b879f77 100644
+--- a/lib/krb5/asn.1/asn1_encode.c
++++ b/lib/krb5/asn.1/asn1_encode.c
+@@ -356,7 +356,7 @@ make_tag(asn1buf *buf, const taginfo *t, size_t len)
+ static krb5_error_code
+ get_tag(const uint8_t *asn1, size_t len, taginfo *tag_out,
+         const uint8_t **contents_out, size_t *clen_out,
+-        const uint8_t **remainder_out, size_t *rlen_out)
++        const uint8_t **remainder_out, size_t *rlen_out, int recursion)
+ {
+     krb5_error_code ret;
+     uint8_t o;
+@@ -394,9 +394,11 @@ get_tag(const uint8_t *asn1, size_t len, taginfo *tag_out,
+         /* Indefinite form (should not be present in DER, but we accept it). */
+         if (tag_out->construction != CONSTRUCTED)
+             return ASN1_MISMATCH_INDEF;
++        if (recursion >= 32)
++            return ASN1_OVERFLOW;
+         p = asn1;
+         while (!(len >= 2 && p[0] == 0 && p[1] == 0)) {
+-            ret = get_tag(p, len, &t, &c, &clen, &p, &len);
++            ret = get_tag(p, len, &t, &c, &clen, &p, &len, recursion + 1);
+             if (ret)
+                 return ret;
+         }
+@@ -613,7 +615,7 @@ split_der(asn1buf *buf, uint8_t *const *der, size_t len, taginfo *tag_out)
+     const uint8_t *contents, *remainder;
+     size_t clen, rlen;
+ 
+-    ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen);
++    ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen, 0);
+     if (ret)
+         return ret;
+     if (rlen != 0)
+@@ -1199,7 +1201,7 @@ decode_atype(const taginfo *t, const uint8_t *asn1, size_t len,
+         const uint8_t *rem;
+         size_t rlen;
+         if (!tag->implicit) {
+-            ret = get_tag(asn1, len, &inner_tag, &asn1, &len, &rem, &rlen);
++            ret = get_tag(asn1, len, &inner_tag, &asn1, &len, &rem, &rlen, 0);
+             if (ret)
+                 return ret;
+             /* Note: we don't check rlen (it should be 0). */
+@@ -1420,7 +1422,7 @@ decode_sequence(const uint8_t *asn1, size_t len, const struct seq_info *seq,
+     for (i = 0; i < seq->n_fields; i++) {
+         if (len == 0)
+             break;
+-        ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len);
++        ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len, 0);
+         if (ret)
+             goto error;
+         /*
+@@ -1478,7 +1480,7 @@ decode_sequence_of(const uint8_t *asn1, size_t len,
+     *seq_out = NULL;
+     *count_out = 0;
+     while (len > 0) {
+-        ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len);
++        ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len, 0);
+         if (ret)
+             goto error;
+         if (!check_atype_tag(elemtype, &t)) {
+@@ -1584,7 +1586,7 @@ k5_asn1_full_decode(const krb5_data *code, const struct atype_info *a,
+ 
+     *retrep = NULL;
+     ret = get_tag((uint8_t *)code->data, code->length, &t, &contents,
+-                  &clen, &remainder, &rlen);
++                  &clen, &remainder, &rlen, 0);
+     if (ret)
+         return ret;
+     /* rlen should be 0, but we don't check it (and due to padding in


             reply	other threads:[~2020-11-10  7:45 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-10  7:45 Eray Aslan [this message]
  -- strict thread matches above, loose matches on Subject: below --
2024-06-27  7:29 [gentoo-commits] repo/gentoo:master commit in: app-crypt/mit-krb5/files/ Eray Aslan
2022-09-02  5:53 Sam James
2021-02-11 19:41 Eray Aslan
2015-11-04  5:04 Eray Aslan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1604994323.295e514a3ac604a4acbdae3dd3d18d7372fdfe2e.eras@gentoo \
    --to=eras@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox