Hi Ola,

On Tue, Aug 23, 2016 at 08:39:29AM +0200, Ola Lundqvist wrote:
> Hi Guido
>
> Brian wrote in his mail that he had not tried to reproduce the crash.
> Quote:
> "...although I don't have any exploits test it with."

There are exploits mentioned in the paper. I think we should test them before releasing a DLA.
 -- Guido

>
> Best regards
>
> // Ola
>
> On Tue, Aug 23, 2016 at 7:22 AM, Guido Günther <[email protected]> wrote:
> > On Mon, Aug 22, 2016 at 06:15:33PM +1000, Brian May wrote:
> >> Brian May <[email protected]> writes:
> >>
> >> > I will have a look and see if I can hack^h^h^h^hpatch the Debian package
> >> > to include the above security fix; although I don't have any exploits
> >> > test it with.
> >>
> >> Ok, I have attached my proposed debdiff patch. It builds using sbuild. I
> >> haven't claimed this package, and unlikely to have time to continue this
> >> month. So if anybody wants to take over before then, feel free to do so.
> >> --
> >> Brian May <[email protected]>
> >
> >> diff -u matrixssl-1.8.8/debian/changelog matrixssl-1.8.8/debian/changelog > >> --- matrixssl-1.8.8/debian/changelog > >> +++ matrixssl-1.8.8/debian/changelog > >> @@ -1,3 +1,10 @@ > >> +matrixssl (1.8.8-1+deb7u1) wheezy-security; urgency=high > >> + > >> + * Non-maintainer upload by the LTS Team. > >> + * Fix integer overflow in bn_reverse. > >> + > >> + -- Brian May <[email protected]> Mon, 22 Aug 2016 18:09:05 +1000 > >> + > >> matrixssl (1.8.8-1) unstable; urgency=high > >> > >> * new upstream version. > >> diff -u matrixssl-1.8.8/debian/control matrixssl-1.8.8/debian/control > >> --- matrixssl-1.8.8/debian/control > >> +++ matrixssl-1.8.8/debian/control 
> >> @@ -2,7 +2,7 @@ > >> Priority: optional > >> Section: libs > >> Maintainer: Gerrit Pape <[email protected]> > >> -Build-Depends: dietlibc-dev [alpha amd64 arm hppa i386 ia64 mips mipsel > >> powerpc ppc64 s390 sparc] > >> +Build-Depends: dietlibc-dev [alpha amd64 arm hppa i386 ia64 mips mipsel > >> powerpc ppc64 s390 sparc], quilt > >> Standards-Version: 3.8.0.1 > >> > >> Package: libmatrixssl1.8-dev > >> diff -u matrixssl-1.8.8/debian/rules matrixssl-1.8.8/debian/rules > >> --- matrixssl-1.8.8/debian/rules > >> +++ matrixssl-1.8.8/debian/rules > >> @@ -28,6 +28,7 @@ > >> DIR =$(shell pwd)/debian/libmatrixssl$(SOVER) > >> > >> unpack: deb-checkdir unpack-gnu-stamp unpack-diet-stamp > >> + quilt push -a > >> unpack-gnu-stamp: > >> mkdir -p gnu/static gnu/shared > >> (cd gnu/static && tar xzf - && ln -s matrixssl* matrixssl) > >> <'$(TARGZ)' > >> @@ -61,6 +62,7 @@ > >> touch build-diet-stamp > >> > >> clean: deb-checkdir deb-checkuid > >> + quilt pop -a || true > >> rm -rf gnu diet examples > >> rm -f unpack-gnu-stamp unpack-diet-stamp build-gnu-stamp \ > >> build-diet-stamp > >> only in patch2: > >> unchanged: > >> --- matrixssl-1.8.8.orig/.pc/.quilt_patches > >> +++ matrixssl-1.8.8/.pc/.quilt_patches > >> @@ -0,0 +1 @@ > >> +debian/patches > >> only in patch2: > >> unchanged: > >> --- matrixssl-1.8.8.orig/.pc/.quilt_series > >> +++ matrixssl-1.8.8/.pc/.quilt_series > >> @@ -0,0 +1 @@ > >> +series > >> only in patch2: > >> unchanged: > >> --- matrixssl-1.8.8.orig/.pc/.version > >> +++ matrixssl-1.8.8/.pc/.version > >> @@ -0,0 +1 @@ > >> +2 > >> only in patch2: > >> unchanged: > >> --- matrixssl-1.8.8.orig/debian/patches/fix-bn_reverse.patch > >> +++ matrixssl-1.8.8/debian/patches/fix-bn_reverse.patch 
> >> @@ -0,0 +1,36 @@ > >> +--- a/diet/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c > >> ++++ b/diet/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c > >> +@@ -945,6 +945,9 @@ > >> + int32 ix, iy; > >> + unsigned char t; > >> + > >> ++ if (len == 0) { > >> ++ return; > >> ++ } > >> + ix = 0; > >> + iy = len - 1; > >> + while (ix < iy) { > >> +--- a/gnu/shared/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c > >> ++++ b/gnu/shared/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c > >> +@@ -945,6 +945,9 @@ > >> + int32 ix, iy; > >> + unsigned char t; > >> + > >> ++ if (len == 0) { > >> ++ return; > >> ++ } > >> + ix = 0; > >> + iy = len - 1; > >> + while (ix < iy) { > >> +--- a/gnu/static/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c > >> ++++ b/gnu/static/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c > >> +@@ -945,6 +945,9 @@ > >> + int32 ix, iy; > >> + unsigned char t; > >> + > >> ++ if (len == 0) { > >> ++ return; > >> ++ } > >> + ix = 0; > >> + iy = len - 1; > >> + while (ix < iy) { > >> only in patch2: > >> unchanged: > >> --- matrixssl-1.8.8.orig/debian/patches/series > >> +++ matrixssl-1.8.8/debian/patches/series > >> @@ -0,0 +1 @@ > >> +fix-bn_reverse.patch
> >
> > Having the same hunk three times isn't pretty but I don't have a great
> > idea how this can be done better in the current packaging either.
> >
> > Did you try to reproduce the crash mentioned in the CVE details?
> >
> > Cheers,
> >  -- Guido
> >
>
> --
> --- Inguza Technology AB --- MSc in Information Technology ----
> / [email protected] Folkebogatan 26 \
> | [email protected] 654 68 KARLSTAD |
> | http://inguza.com/ Mobile: +46 (0)70-332 1551 |
> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
> ---------------------------------------------------------------
>
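Review bot: In the three identical mpi.c hunks inside fix-bn_reverse.patch, the added `if (len == 0)` guard may not change behaviour, because the context lines declare `int32 ix, iy` and then assign `iy = len - 1`. With a signed `iy`, a zero `len` gives `iy = -1` on the usual conversion whether `len` itself is signed or a 32-bit unsigned type, so `while (ix < iy)` is already false on entry and nothing is swapped. The declaration of `len` is outside the hunk context, so please confirm its type in 1.8.8 and confirm with a reproducer that a zero-length input really reaches a bad access in this function before the changelog records the issue as fixed. If `len` turns out to be signed, `if (len <= 0)` would cover negative values as well.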
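Review bot: In the debian/rules hunk at `@@ -28,6 +28,7 @@`, `quilt push -a` is added as the recipe of `unpack`, which has no stamp file of its own, so the command runs every time that target is evaluated. When the series is already fully applied, `quilt push` exits non-zero and make stops, which breaks a second build in the same tree; the `clean` hunk tolerates failure with `|| true` but this line does not. Suggest moving the push into a stamped target that depends on `unpack-gnu-stamp` and `unpack-diet-stamp`, so the patches are applied exactly once after both trees are unpacked.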
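Review bot: The `.pc/.quilt_patches`, `.pc/.quilt_series` and `.pc/.version` entries marked "only in patch2" are quilt's working state rather than source, and should not be part of the debdiff. They are left behind because the `clean` hunk at `@@ -61,6 +62,7 @@` runs `quilt pop -a || true` but never removes the `.pc` directory; adding `rm -rf .pc` after the pop would keep the upload limited to the changes under debian/. The `|| true` also hides a genuinely failed pop, so it is worth checking that the tree is actually unpatched before the `rm -rf gnu diet examples` line makes the question moot.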
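Review bot: The debian/changelog hunk records the change only as "Fix integer overflow in bn_reverse." and does not name the CVE that the thread refers to. Please add the CVE id to that changelog line so the upload can be matched to the advisory, and consider noting that the fix is carried as debian/patches/fix-bn_reverse.patch applied to all three unpacked copies of mpi.c, since that is not obvious from the one-line entry.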
