File openssl-CVE-2016-2108.patch of Package libopenssl0_9_8.5041

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-CVE-2016-2108.patch of Package libopenssl0_9_8.5041

From c5e4bc81c5a142cab7f46f69824fa35367999ee8 Mon Sep 17 00:00:00 2001
From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 15 Apr 2016 02:37:09 +0100
Subject: [PATCH] Fix ASN1_INTEGER handling.

Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER
tag: V_ASN1_NEG_INTEGER is an internal only value which is never used
for on the wire encoding.

Thanks to David Benjamin <davidben@google.com> for reporting this bug.

This was found using libFuzzer.

RT#4364 (part)CVE-2016-2108.
---
 crypto/asn1/a_type.c   | 2 --
 crypto/asn1/tasn_dec.c | 2 --
 crypto/asn1/tasn_enc.c | 2 --
 3 files changed, 0 insertions(+), 6 deletions(-)

Index: openssl-0.9.8zh/crypto/asn1/a_type.c
===================================================================
--- openssl-0.9.8zh.orig/crypto/asn1/a_type.c	2016-05-03 17:31:34.259173761 +0200
+++ openssl-0.9.8zh/crypto/asn1/a_type.c	2016-05-03 17:31:49.387410593 +0200
@@ -123,9 +123,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
         result = 0;             /* They do not have content. */
         break;
     case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
     case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
     case V_ASN1_BIT_STRING:
     case V_ASN1_OCTET_STRING:
     case V_ASN1_SEQUENCE:
Index: openssl-0.9.8zh/crypto/asn1/tasn_dec.c
===================================================================
--- openssl-0.9.8zh.orig/crypto/asn1/tasn_dec.c	2016-05-03 17:31:34.260173777 +0200
+++ openssl-0.9.8zh/crypto/asn1/tasn_dec.c	2016-05-03 17:32:01.412598850 +0200
@@ -901,9 +901,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const
         break;
 
     case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
     case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
         tint = (ASN1_INTEGER **)pval;
         if (!c2i_ASN1_INTEGER(tint, &cont, len))
             goto err;
Index: openssl-0.9.8zh/crypto/asn1/tasn_enc.c
===================================================================
--- openssl-0.9.8zh.orig/crypto/asn1/tasn_enc.c	2016-05-03 17:31:34.260173777 +0200
+++ openssl-0.9.8zh/crypto/asn1/tasn_enc.c	2016-05-03 17:32:12.724775946 +0200
@@ -610,9 +610,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsig
         break;
 
     case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
     case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
         /*
          * These are all have the same content format as ASN1_INTEGER
          */

Places

File openssl-CVE-2016-2108.patch of Package libopenssl0_9_8.5041

Places