diff options
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch')
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch | 66 |
1 files changed, 0 insertions, 66 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch deleted file mode 100644 index 6fc4d0e839..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch +++ /dev/null @@ -1,66 +0,0 @@ -From cc598f321fbac9c04da5766243ed55d55948637d Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" <steve@openssl.org> -Date: Tue, 10 Nov 2015 19:03:07 +0000 -Subject: [PATCH] Fix leak with ASN.1 combine. - -When parsing a combined structure pass a flag to the decode routine -so on error a pointer to the parent structure is not zeroed as -this will leak any additional components in the parent. - -This can leak memory in any application parsing PKCS#7 or CMS structures. - -CVE-2015-3195. - -Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using -libFuzzer. - -PR#4131 - -Reviewed-by: Richard Levitte <levitte@openssl.org> - -Upstream-Status: Backport - -This patch was imported from -https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d - -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - crypto/asn1/tasn_dec.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c -index febf605..9256049 100644 ---- a/crypto/asn1/tasn_dec.c -+++ b/crypto/asn1/tasn_dec.c -@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - int otag; - int ret = 0; - ASN1_VALUE **pchptr, *ptmpval; -+ int combine = aclass & ASN1_TFLG_COMBINE; -+ aclass &= ~ASN1_TFLG_COMBINE; - if (!pval) - return 0; - if (aux && aux->asn1_cb) -@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - auxerr: - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); - err: -- ASN1_item_ex_free(pval, it); -+ if (combine == 0) -+ ASN1_item_ex_free(pval, it); - if (errtt) - ERR_add_error_data(4, "Field=", errtt->field_name, - ", Type=", it->sname); -@@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, - } else { - /* Nothing special */ - ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -- -1, 0, opt, ctx); -+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); - if (!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; --- -2.3.5 - |