Package: release.debian.org Severity: normal Tags: buster User: [email protected] Usertags: pu
[ Reason ] node-elliptic allows ECDSA signature maleability via variations in encoding, leading '\0' bytes, or integer overflows (CVE-2020-13822). [ Impact ] This could conceivably have a security-relevant impact if an application relied on a single canonical signature. [ Tests ] No new test, however upstream tests are OK during build and autopkgtest [ Risks ] Upstream change is little (just some tests on inputs) and test coverage seems good [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] Just some checks on inputs
diff --git a/debian/changelog b/debian/changelog index 74b516f..3bc7a59 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +node-elliptic (6.4.1~dfsg-1+deb10u1) buster; urgency=medium + + * Prevent malleability and overflows (Closes: CVE-2020-13822) + + -- Xavier Guimard <[email protected]> Tue, 01 Sep 2020 13:24:44 +0200 + node-elliptic (6.4.1~dfsg-1) unstable; urgency=medium [ upstream ] diff --git a/debian/patches/CVE-2020-13822.patch b/debian/patches/CVE-2020-13822.patch new file mode 100644 index 0000000..179ecb9 --- /dev/null +++ b/debian/patches/CVE-2020-13822.patch @@ -0,0 +1,89 @@ +Description: signature: prevent malleability and overflows + CVE-2020-13822 +Author: Fedor Indutny <[email protected]> +Origin: upstream, https://github.com/indutny/elliptic/commit/856fe4d9 +Bug: https://github.com/indutny/elliptic/issues/226 +Forwarded: not-needed +Reviewed-By: Xavier Guimard <[email protected]> +Last-Update: 2020-09-01 + +--- a/lib/elliptic/ec/signature.js ++++ b/lib/elliptic/ec/signature.js +@@ -33,11 +33,24 @@ + return initial; + } + var octetLen = initial & 0xf; ++ ++ // Indefinite length or overflow ++ if (octetLen === 0 || octetLen > 4) { ++ return false; ++ } ++ + var val = 0; + for (var i = 0, off = p.place; i < octetLen; i++, off++) { + val <<= 8; + val |= buf[off]; ++ val >>>= 0; + } ++ ++ // Leading zeroes ++ if (val <= 0x7f) { ++ return false; ++ } ++ + p.place = off; + return val; + } +@@ -61,6 +74,9 @@ + return false; + } + var len = getLength(data, p); ++ if (len === false) { ++ return false; ++ } + if ((len + p.place) !== data.length) { + return false; + } +@@ -68,21 +84,37 @@ + return false; + } + var rlen = getLength(data, p); ++ if (rlen === false) { ++ return false; ++ } + var r = data.slice(p.place, rlen + p.place); + p.place += rlen; + if (data[p.place++] !== 0x02) { + return false; + } + var slen = getLength(data, p); ++ if (slen === false) { ++ return false; ++ } + if (data.length !== slen + p.place) { + return false; + } + var s = data.slice(p.place, slen + p.place); +- if (r[0] === 0 && (r[1] & 0x80)) { +- r = r.slice(1); +- } +- if (s[0] === 0 && (s[1] & 0x80)) { +- s = s.slice(1); ++ if (r[0] === 0) { ++ if (r[1] & 0x80) { ++ r = r.slice(1); ++ } else { ++ // Leading zeroes ++ return false; ++ } ++ } ++ if (s[0] === 0) { ++ if (s[1] & 0x80) { ++ s = s.slice(1); ++ } else { ++ // Leading zeroes ++ return false; ++ } + } + + this.r = new BN(r); diff --git a/debian/patches/series b/debian/patches/series index 0ee9429..d86ab76 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ use-assert.patch +CVE-2020-13822.patch
