packages/openresty-openssl111
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!25 [sync] PR-20: Fix CVE-2022-4450

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2024-01-05 01:23:21 +00:00 committed by Gitee
commit 36548eb611
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
backport-CVE-2022-4450.patch Normal file
View File

@ -0,0 +1,41 @@
From bbcf509bd046b34cca19c766bbddc31683d0858b Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 13 Dec 2022 14:54:55 +0000
Subject: [PATCH] Avoid dangling ptrs in header and data params for
PEM_read_bio_ex
In the event of a failure in PEM_read_bio_ex() we free the buffers we
allocated for the header and data buffers. However we were not clearing
the ptrs stored in *header and *data. Since, on success, the caller is
responsible for freeing these ptrs this can potentially lead to a double
free if the caller frees them even on failure.
Thanks to Dawei Wang for reporting this issue.
Based on a proposed patch by Kurt Roeckx.
CVE-2022-4450
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
---
crypto/pem/pem_lib.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index d416d939ea..328c30cdbb 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -957,7 +957,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
*data = pem_malloc(len, flags);
if (*header == NULL || *data == NULL) {
pem_free(*header, flags, 0);
+ *header = NULL;
pem_free(*data, flags, 0);
+ *data = NULL;
goto end;
}
BIO_read(headerB, *header, headerlen);
--
2.34.1

7
openresty-openssl111.spec
View File

@ -1,6 +1,6 @@
Name: openresty-openssl111 Name: openresty-openssl111
Version: 1.1.1h Version: 1.1.1h
Release: 3 Release: 4
Summary: OpenSSL library for OpenResty Summary: OpenSSL library for OpenResty
Group: Development/Libraries Group: Development/Libraries
@ -13,6 +13,7 @@ Source0: https://www.openssl.org/source/openssl-%{version}.tar.gz
Patch0: openssl-1.1.1f-sess_set_get_cb_yield.patch Patch0: openssl-1.1.1f-sess_set_get_cb_yield.patch
Patch99: 0099-copy-dir.sh.patch Patch99: 0099-copy-dir.sh.patch
Patch100: CVE-2021-23841.patch Patch100: CVE-2021-23841.patch
Patch101: backport-CVE-2022-4450.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -117,6 +118,7 @@ Provides C header and static library for the debug version of OpenResty's OpenSS
%patch0 -p1 %patch0 -p1
%patch99 -p1 %patch99 -p1
%patch100 -p1 %patch100 -p1
%patch101 -p1
%build %build
bash ./copy-dir.sh bash ./copy-dir.sh
@ -259,6 +261,9 @@ rm -rf %{buildroot}
%attr(0755,root,root) %{openssl_prefix_debug}/lib/*.a %attr(0755,root,root) %{openssl_prefix_debug}/lib/*.a
%changelog %changelog
* Sat Dec 23 2023 liningjie <liningjie@xfusion.com> - 1.1.1h-4
- Fix CVE-2022-4450
* Fri Dec 22 2023 wangxinjian <wangxinjian@xfusion.com> - 1.1.1h-3 * Fri Dec 22 2023 wangxinjian <wangxinjian@xfusion.com> - 1.1.1h-3
- fix CVE-2021-23841 - fix CVE-2021-23841