Control: tags -1 patch

Hi,

On Sun, 12 Mar 2017 15:19:58 +0000 James Cowgill <jcowg...@debian.org>
wrote:
> Package: libmbedcrypto0
> Version: 2.4.0-1
> Severity: grave
> Tags: security
> Control: clone -1 -2
> Control: reassign -2 libpolarssl7 1.3.9-2.1+deb8u1
> Control: retitle -2 polarssl: CVE-2017-2748 - Freeing of memory allocated on 
> stack when validating a public key with a secp224k1 curve
> 
> Hi all,
> 
> This security advisory was recently published and contains one "high"
> severity bug:
> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
> 
> The security changelog for 2.4.2 also contains fixes for some other
> bugs as well. The 3rd bug (relating to SLOTH) does not affect polarssl.

The attached patch should fix CVE-2017-2784 in jessie. I haven't
attempted to fix any of the other lower priority bugs which were fixed
in 1.3.19 / 2.4.2.

Thanks,
James
diff -Nru polarssl-1.3.9/debian/changelog polarssl-1.3.9/debian/changelog
--- polarssl-1.3.9/debian/changelog     2016-02-06 13:29:38.000000000 +0000
+++ polarssl-1.3.9/debian/changelog     2017-03-17 21:38:48.000000000 +0000
@@ -1,3 +1,11 @@
+polarssl (1.3.9-2.1+deb8u2) jessie-security; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2017-2784: Freeing of memory allocated on stack when
+    validating a public key with a secp224k1 curve. (Closes: #857561)
+
+ -- James Cowgill <jcowg...@debian.org>  Fri, 17 Mar 2017 21:38:48 +0000
+
 polarssl (1.3.9-2.1+deb8u1) jessie-security; urgency=high
 
   * Non-maintainer upload.
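
Review bot: the CVE id in the new changelog entry, CVE-2017-2784, does not match the id in the retitle command quoted earlier in this mail, CVE-2017-2748. The patch file name and its DEP-3 header also use 2784, so the upload is consistent with itself; the cloned bug's title should be checked against the upstream advisory and corrected if needed, so that the bug closed here and the security tracker entry refer to the same id.
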
diff -Nru polarssl-1.3.9/debian/patches/CVE-2017-2784.patch 
polarssl-1.3.9/debian/patches/CVE-2017-2784.patch
--- polarssl-1.3.9/debian/patches/CVE-2017-2784.patch   1970-01-01 
01:00:00.000000000 +0100
+++ polarssl-1.3.9/debian/patches/CVE-2017-2784.patch   2017-03-17 
21:38:48.000000000 +0000
@@ -0,0 +1,49 @@
+Description: Fix for CVE-2017-2784
+ Fixed a bug that caused freeing a buffer that was allocated on the stack,
+ when verifying the validity of a key on secp224k1. This could be
+ triggered remotely for example with a maliciously constructed certificate
+ and might have led to remote code execution on some exotic embedded
+ platforms. Reported independently by rongsaws and Regina Wilson.
+ .
+ The function ecp_mod_koblitz computed the space for the result of a
+ multiplication optimally for that specific case, but unfortunately
+ the function mbedtls_mpi_mul_mpi performs a generic, suboptimal
+ calculation and needs one more limb for the result. Since the result's
+ buffer is on the stack, the best case scenario is that the program
+ stops.
+ .
+ This only happened on 64 bit platforms.
+Origin: upstream, 
https://github.com/ARMmbed/mbedtls/commit/f5ffc79896681daddf7530646c0908f51a887dbd
+Bug-Debian: https://bugs.debian.org/857561
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/library/ecp_curves.c
++++ b/library/ecp_curves.c
+@@ -1268,7 +1268,7 @@ static inline int ecp_mod_koblitz( mpi *
+     int ret;
+     size_t i;
+     mpi M, R;
+-    t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R];
++    t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
+ 
+     if( N->n < p_limbs )
+         return( 0 );
+@@ -1290,7 +1290,7 @@ static inline int ecp_mod_koblitz( mpi *
+     memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) );
+     if( shift != 0 )
+         MPI_CHK( mpi_shift_r( &M, shift ) );
+-    M.n += R.n - adjust; /* Make room for multiplication by R */
++    M.n += R.n; /* Make room for multiplication by R */
+ 
+     /* N = A0 */
+     if( mask != 0 )
+@@ -1312,7 +1312,7 @@ static inline int ecp_mod_koblitz( mpi *
+     memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) );
+     if( shift != 0 )
+         MPI_CHK( mpi_shift_r( &M, shift ) );
+-    M.n += R.n - adjust; /* Make room for multiplication by R */
++    M.n += R.n; /* Make room for multiplication by R */
+ 
+     /* N = A0 */
+     if( mask != 0 )
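
Review bot: the "+ 1" on the Mp declaration in ecp_mod_koblitz is a bare constant whose justification exists only in the DEP-3 header, and nothing in the visible lines ties the array size to the new "M.n += R.n" growth in the two later inner hunks. A short comment on the declaration, saying that the generic multiplication needs one extra limb for its result, would keep the two from drifting apart in a later backport. The header also names mbedtls_mpi_mul_mpi, while this tree uses the unprefixed names seen in the context lines (mpi, mpi_shift_r, MPI_CHK), so it would help to state that the description text is taken from the upstream commit. No test for secp224k1 key validation is added alongside the fix.
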
diff -Nru polarssl-1.3.9/debian/patches/series 
polarssl-1.3.9/debian/patches/series
--- polarssl-1.3.9/debian/patches/series        2016-02-05 12:25:30.000000000 
+0000
+++ polarssl-1.3.9/debian/patches/series        2017-03-17 21:38:22.000000000 
+0000
@@ -5,3 +5,4 @@
 CVE-2015-8036-Added-bounds-checking-for-TLS-extensions.patch
 CVE-2015-8036-Reordered-extension-fields-and-added-to-Cha.patch
 CVE-2015-8036-Add-extra-check-before-integer-conversion.patch
+CVE-2017-2784.patch
