Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.1:Update
libopenssl0_9_8.5041
openssl-CVE-2016-2108.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2016-2108.patch of Package libopenssl0_9_8.5041
From c5e4bc81c5a142cab7f46f69824fa35367999ee8 Mon Sep 17 00:00:00 2001 From: Dr. Stephen Henson <steve@openssl.org> Date: Fri, 15 Apr 2016 02:37:09 +0100 Subject: [PATCH] Fix ASN1_INTEGER handling. Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER tag: V_ASN1_NEG_INTEGER is an internal only value which is never used for on the wire encoding. Thanks to David Benjamin <davidben@google.com> for reporting this bug. This was found using libFuzzer. RT#4364 (part)CVE-2016-2108. --- crypto/asn1/a_type.c | 2 -- crypto/asn1/tasn_dec.c | 2 -- crypto/asn1/tasn_enc.c | 2 -- 3 files changed, 0 insertions(+), 6 deletions(-) Index: openssl-0.9.8zh/crypto/asn1/a_type.c =================================================================== --- openssl-0.9.8zh.orig/crypto/asn1/a_type.c 2016-05-03 17:31:34.259173761 +0200 +++ openssl-0.9.8zh/crypto/asn1/a_type.c 2016-05-03 17:31:49.387410593 +0200 @@ -123,9 +123,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co result = 0; /* They do not have content. */ break; case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: case V_ASN1_BIT_STRING: case V_ASN1_OCTET_STRING: case V_ASN1_SEQUENCE: Index: openssl-0.9.8zh/crypto/asn1/tasn_dec.c =================================================================== --- openssl-0.9.8zh.orig/crypto/asn1/tasn_dec.c 2016-05-03 17:31:34.260173777 +0200 +++ openssl-0.9.8zh/crypto/asn1/tasn_dec.c 2016-05-03 17:32:01.412598850 +0200 @@ -901,9 +901,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const break; case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: tint = (ASN1_INTEGER **)pval; if (!c2i_ASN1_INTEGER(tint, &cont, len)) goto err; Index: openssl-0.9.8zh/crypto/asn1/tasn_enc.c =================================================================== --- openssl-0.9.8zh.orig/crypto/asn1/tasn_enc.c 2016-05-03 17:31:34.260173777 +0200 +++ openssl-0.9.8zh/crypto/asn1/tasn_enc.c 2016-05-03 17:32:12.724775946 +0200 @@ -610,9 +610,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsig break; case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: /* * These are all have the same content format as ASN1_INTEGER */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor