Commit debian/openssl-0.9.8o-4squeeze10 - openssl

update CVE-2012-0884 patch to include detecting symmetric crypto errors in PKCS7_decrypt Kurt Roeckx 12 years ago

2 changed file(s) with 38 addition(s) and 7 deletion(s). Raw diff Collapse all Expand all

-0

debian/changelog less more

0	0	openssl (0.9.8o-4squeeze10) squeeze-security; urgency=low
1	1
2	2	* Fix CVE-2012-2110
	3	* update CVE-2012-0884 patch to include detecting symmetric crypto errors
	4	in PKCS7_decrypt
3	5
4	6	-- Kurt Roeckx <kurt@roeckx.be> Thu, 19 Apr 2012 20:30:38 +0200
5	7

+36

-7

debian/patches/CVE-2012-0884.patch less more

0		index 7407ae1..b8c0ee8 100644
1	0	--- a/apps/cms.c
2	1	+++ b/apps/cms.c
3	2	@@ -226,6 +226,8 @@ int MAIN(int argc, char **argv)

18	17
19	18	if (secret_key)
20	19	{
21		index 25f8874..75e3be0 100644
22	20	--- a/crypto/cms/cms.h
23	21	+++ b/crypto/cms/cms.h
24	22	@@ -110,6 +110,7 @@ DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)

29	27
30	28	const ASN1_OBJECT CMS_get0_type(CMS_ContentInfo cms);
31	29
32		index bab2623..580083b 100644
33	30	--- a/crypto/cms/cms_enc.c
34	31	+++ b/crypto/cms/cms_enc.c
35	32	@@ -73,6 +73,8 @@ BIO cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo ec)

125	122	if (ok)
126	123	return b;
127	124	BIO_free(b);
128		index d499ae8..b8685fa 100644
129	125	--- a/crypto/cms/cms_env.c
130	126	+++ b/crypto/cms/cms_env.c
131	127	@@ -352,6 +352,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,

154	150
155	151	err:
156	152	if (!ret && ek)
157		index 7d60fac..ce65d6e 100644
158	153	--- a/crypto/cms/cms_lcl.h
159	154	+++ b/crypto/cms/cms_lcl.h
160	155	@@ -175,6 +175,8 @@ struct CMS_EncryptedContentInfo_st

166	161	};
167	162
168	163	struct CMS_RecipientInfo_st
169		index f35883a..2be07c2 100644
170	164	--- a/crypto/cms/cms_smime.c
171	165	+++ b/crypto/cms/cms_smime.c
172	166	@@ -622,7 +622,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert)

238	232	cont = CMS_dataInit(cms, dcont);
239	233	if (!cont)
240	234	return 0;
241		index c8f1eb1..8b3024e 100644
242	235	--- a/crypto/pkcs7/pk7_doit.c
243	236	+++ b/crypto/pkcs7/pk7_doit.c
244	237	@@ -420,6 +420,8 @@ BIO PKCS7_dataDecode(PKCS7 p7, EVP_PKEY pkey, BIO in_bio, X509 *pcert)

363	356	if (out == NULL)
364	357	out=etmp;
365	358	else
	359	--- a/crypto/pkcs7/pk7_smime.c 2009/03/15 13:36:01 1.24.2.9
	360	+++ b/crypto/pkcs7/pk7_smime.c 2012/02/27 15:23:20 1.24.2.10
	361	@@ -486,15 +486,30 @@
	362	return 0;
	363	}
	364	ret = SMIME_text(bread, data);
	365	+ if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
	366	+ {
	367	+ if (!BIO_get_cipher_status(tmpmem))
	368	+ ret = 0;
	369	+ }
	370	BIO_free_all(bread);
	371	return ret;
	372	} else {
	373	for(;;) {
	374	i = BIO_read(tmpmem, buf, sizeof(buf));
	375	- if(i <= 0) break;
	376	+ if(i <= 0)
	377	+ {
	378	+ ret = 1;
	379	+ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
	380	+ {
	381	+ if (!BIO_get_cipher_status(tmpmem))
	382	+ ret = 0;
	383	+ }
	384	+
	385	+ break;
	386	+ }
	387	BIO_write(data, buf, i);
	388	}
	389	BIO_free_all(tmpmem);
	390	- return 1;
	391	+ return ret;
	392	}
	393	}
	394