[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#856872: marked as done (jessie-pu: package gnutls28/3.3.8-6+deb8u5)

Your message dated Sat, 06 May 2017 14:44:18 +0100
with message-id <1494078258.26551.13.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 8.8
has caused the Debian Bug report #856872,
regarding jessie-pu: package gnutls28/3.3.8-6+deb8u5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
856872: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856872
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hello,

I would like fix a number of minor issues in GnuTLS.

Most of these (notably CVE-2017-533[4567]) are related to the PGP
support, security does not intend to issue a DSA:

+ 55_00_pkcs12-fixed-the-calculation-of-p_size.patch
  Fixed issue in PKCS#12 password encoding, which truncated
  passwords over 32-characters. Reported by Mario Klebsch.
+ 55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch
  Fix double free in certificate information printing. If the PKIX
  extension proxy was set with a policy language set but no policy
  specified, that could lead to a double free. [GNUTLS-SA-2017-1]
  CVE-2017-5334
+ 55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch
  Addressed memory leak in server side error path (issue found using
  oss-fuzz project)
+ 55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch
  55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch
  55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch
  55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch
  55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch
  55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch
  55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch
  55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch
  55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch
  Addressed memory leaks and an infinite loop in OpenPGP certificate
  parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)
  Addressed invalid memory accesses in OpenPGP certificate parsing.
  (issues found using oss-fuzz project) [GNUTLS-SA-2017-2]
  CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337
+ 55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch
  When returning success, but no elements,
  gnutls_pkcs11_obj_list_import_url4, could have returned zero number of
  elements with a pointer that was uninitialized. Ensure that an
  initialized (i.e., null in that case), pointer is always returned.
+ 55_13_cdk_pkt_read-enforce-packet-limits.patch Addressed integer
  overflow resulting to invalid memory write in OpenPGP certificate
  parsing.  Issue found using oss-fuzz project:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
  [GNUTLS-SA-2017-3A]
+ 55_14_opencdk-read_attribute-account-buffer-size.patch Addressed read
  of 1 byte past the end of buffer in OpenPGP certificate parsing. Issue
  found using oss-fuzz project:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
  (This patch is from gnutls_3_5_x branch.)
+ 55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
  Addressed crashes in OpenPGP certificate parsing, related to private key
  parser. No longer allow OpenPGP certificates (public keys) to contain
  private key sub-packets. Issue found using oss-fuzz project:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
  [GNUTLS-SA-2017-3B]



-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

diff -Nru gnutls28-3.3.8/debian/changelog gnutls28-3.3.8/debian/changelog
--- gnutls28-3.3.8/debian/changelog	2016-11-01 10:07:52.000000000 +0100
+++ gnutls28-3.3.8/debian/changelog	2017-03-05 18:46:50.000000000 +0100
@@ -1,3 +1,56 @@
+gnutls28 (3.3.8-6+deb8u5) jessie; urgency=medium
+
+  * Pull multiple fixes from gnutls_3_3_x branch:
+    + 55_00_pkcs12-fixed-the-calculation-of-p_size.patch
+      Fixed issue in PKCS#12 password encoding, which truncated
+      passwords over 32-characters. Reported by Mario Klebsch.
+    + 55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch
+      Fix double free in certificate information printing. If the PKIX
+      extension proxy was set with a policy language set but no policy
+      specified, that could lead to a double free. [GNUTLS-SA-2017-1]
+      CVE-2017-5334
+    + 55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch
+      Addressed memory leak in server side error path (issue found using
+      oss-fuzz project)
+    + 55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch
+      55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch
+      55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch
+      55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch
+      55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch
+      55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch
+      55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch
+      55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch
+      55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch
+      Addressed memory leaks and an infinite loop in OpenPGP certificate
+      parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)
+      Addressed invalid memory accesses in OpenPGP certificate parsing.
+      (issues found using oss-fuzz project) [GNUTLS-SA-2017-2]
+      CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337
+    + 55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch
+      When returning success, but no elements,
+      gnutls_pkcs11_obj_list_import_url4, could have returned zero number of
+      elements with a pointer that was uninitialized. Ensure that an
+      initialized (i.e., null in that case), pointer is always returned.
+    + 55_13_cdk_pkt_read-enforce-packet-limits.patch Addressed integer
+      overflow resulting to invalid memory write in OpenPGP certificate
+      parsing.  Issue found using oss-fuzz project:
+      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
+      [GNUTLS-SA-2017-3A]
+    + 55_14_opencdk-read_attribute-account-buffer-size.patch Addressed read
+      of 1 byte past the end of buffer in OpenPGP certificate parsing. Issue
+      found using oss-fuzz project:
+      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
+      (This patch is from gnutls_3_5_x branch.)
+    + 55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
+      Addressed crashes in OpenPGP certificate parsing, related to private key
+      parser. No longer allow OpenPGP certificates (public keys) to contain
+      private key sub-packets. Issue found using oss-fuzz project:
+      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
+      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
+      [GNUTLS-SA-2017-3B]
+
+ -- Andreas Metzler <ametzler@debian.org>  Sun, 05 Mar 2017 18:18:03 +0100
+
 gnutls28 (3.3.8-6+deb8u4) jessie; urgency=medium
 
   [ Salvatore Bonaccorso ]
diff -Nru gnutls28-3.3.8/debian/patches/55_00_pkcs12-fixed-the-calculation-of-p_size.patch gnutls28-3.3.8/debian/patches/55_00_pkcs12-fixed-the-calculation-of-p_size.patch
--- gnutls28-3.3.8/debian/patches/55_00_pkcs12-fixed-the-calculation-of-p_size.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_00_pkcs12-fixed-the-calculation-of-p_size.patch	2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,26 @@
+From 3979cbcb425b4088c822b0a75c78f5f1eef32291 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 28 Nov 2016 11:47:40 +0100
+Subject: [PATCH] pkcs12: fixed the calculation of p_size
+
+That affects passwords which exceed 32 characters.
+---
+ lib/x509/pkcs12_encr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c
+index 85cd3f228..d8fd49f82 100644
+--- a/lib/x509/pkcs12_encr.c
++++ b/lib/x509/pkcs12_encr.c
+@@ -105,7 +105,7 @@ _gnutls_pkcs12_string_to_key(const mac_entry_st * me,
+ 	}
+ 
+ 	/* Store salt and password in BUF_I */
+-	p_size = ((pwlen / 64) * 64) + 64;
++	p_size = (((2*pwlen) / 64) * 64) + 64;
+ 
+ 	if (p_size > sizeof(buf_i) - 64)
+ 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch gnutls28-3.3.8/debian/patches/55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch
--- gnutls28-3.3.8/debian/patches/55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch	2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,76 @@
+From bbfd47d4bb6935b3eddae227deb9f340e2c1a69d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 15 Dec 2016 15:02:18 +0100
+Subject: [PATCH] gnutls_x509_ext_import_proxy: fix issue reading the policy
+ language
+
+If the language was set but the policy wasn't, that could lead to
+a double free, as the value returned to the user was freed.
+---
+ lib/x509/x509_ext.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
+index f974b0279..ed0ad1d14 100644
+--- a/lib/x509/x509_ext.c
++++ b/lib/x509/x509_ext.c
+@@ -1414,7 +1414,8 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
+ {
+ 	ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ 	int result;
+-	gnutls_datum_t value = { NULL, 0 };
++	gnutls_datum_t value1 = { NULL, 0 };
++	gnutls_datum_t value2 = { NULL, 0 };
+ 
+ 	if ((result = asn1_create_element
+ 	     (_gnutls_get_pkix(), "PKIX1.ProxyCertInfo",
+@@ -1444,20 +1445,18 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
+ 	}
+ 
+ 	result = _gnutls_x509_read_value(c2, "proxyPolicy.policyLanguage",
+-					 &value);
++					 &value1);
+ 	if (result < 0) {
+ 		gnutls_assert();
+ 		goto cleanup;
+ 	}
+ 
+ 	if (policyLanguage) {
+-		*policyLanguage = (char *)value.data;
+-	} else {
+-		gnutls_free(value.data);
+-		value.data = NULL;
++		*policyLanguage = (char *)value1.data;
++		value1.data = NULL;
+ 	}
+ 
+-	result = _gnutls_x509_read_value(c2, "proxyPolicy.policy", &value);
++	result = _gnutls_x509_read_value(c2, "proxyPolicy.policy", &value2);
+ 	if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
+ 		if (policy)
+ 			*policy = NULL;
+@@ -1468,16 +1467,17 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
+ 		goto cleanup;
+ 	} else {
+ 		if (policy) {
+-			*policy = (char *)value.data;
+-			value.data = NULL;
++			*policy = (char *)value2.data;
++			value2.data = NULL;
+ 		}
+ 		if (sizeof_policy)
+-			*sizeof_policy = value.size;
++			*sizeof_policy = value2.size;
+ 	}
+ 
+ 	result = 0;
+  cleanup:
+-	gnutls_free(value.data);
++	gnutls_free(value1.data);
++	gnutls_free(value2.data);
+ 	asn1_delete_structure(&c2);
+ 
+ 	return result;
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch gnutls28-3.3.8/debian/patches/55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch
--- gnutls28-3.3.8/debian/patches/55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch	2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,39 @@
+From 097a347d7bad44c8d187363d45465d5db7eaf723 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 4 Jan 2017 09:46:26 +0100
+Subject: [PATCH] auth rsa: eliminated memory leak on pkcs-1 formatting attack
+ path
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/auth/rsa.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
+index 128e7b4b8..140f17043 100644
+--- a/lib/auth/rsa.c
++++ b/lib/auth/rsa.c
+@@ -112,7 +112,7 @@ static int
+ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ 		   size_t _data_size)
+ {
+-	gnutls_datum_t plaintext;
++	gnutls_datum_t plaintext = {NULL, 0};
+ 	gnutls_datum_t ciphertext;
+ 	int ret, dsize;
+ 	int randomize_key = 0;
+@@ -150,6 +150,11 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ 		_gnutls_audit_log(session,
+ 				  "auth_rsa: Possible PKCS #1 format attack\n");
+ 		randomize_key = 1;
++
++		if (ret >= 0) {
++			gnutls_free(plaintext.data);
++			plaintext.data = NULL;
++		}
+ 	} else {
+ 		/* If the secret was properly formatted, then
+ 		 * check the version number.
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch gnutls28-3.3.8/debian/patches/55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch
--- gnutls28-3.3.8/debian/patches/55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch	2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,26 @@
+From 03d1e6089230bad79b78ce6e8ea2b872cbaf37e2 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 29 Feb 2016 09:48:12 +0100
+Subject: [PATCH 1/8] opencdk: Fixes to prevent undefined behavior (found with
+ libubsan)
+
+---
+ lib/opencdk/misc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c
+index 0d4ee8912..35172e5dd 100644
+--- a/lib/opencdk/misc.c
++++ b/lib/opencdk/misc.c
+@@ -41,7 +41,7 @@ u32 _cdk_buftou32(const byte * buf)
+ 
+ 	if (!buf)
+ 		return 0;
+-	u = buf[0] << 24;
++	u = ((u32)buf[0]) << 24;
+ 	u |= buf[1] << 16;
+ 	u |= buf[2] << 8;
+ 	u |= buf[3];
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch gnutls28-3.3.8/debian/patches/55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch
--- gnutls28-3.3.8/debian/patches/55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch	2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,70 @@
+From 16862f233f4600a4c1c827be8b1a18b6f80e0ce4 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Mon, 26 Dec 2016 13:15:25 -0500
+Subject: [PATCH 2/8] Do not infinite loop if an EOF occurs while skipping a
+ PGP packet
+
+Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
+---
+ lib/opencdk/read-packet.c | 21 ++++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index becd6cb76..67ea938f7 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -42,8 +42,13 @@
+ static int
+ stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
+ {
+-	*r_nread = cdk_stream_read(s, buf, buflen);
+-	return *r_nread > 0 ? 0 : _cdk_stream_get_errno(s);
++	int res = cdk_stream_read(s, buf, buflen);
++	if (res > 0) {
++		*r_nread = res;
++		return 0;
++	} else {
++		return (cdk_stream_eof(s) ? EOF : _cdk_stream_get_errno(s));
++	}
+ }
+ 
+ 
+@@ -875,18 +880,22 @@ read_new_length(cdk_stream_t inp,
+ 
+ 
+ /* Skip the current packet body. */
+-static void skip_packet(cdk_stream_t inp, size_t pktlen)
++static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen)
+ {
+ 	byte buf[BUFSIZE];
+ 	size_t nread, buflen = DIM(buf);
+ 
+ 	while (pktlen > 0) {
+-		stream_read(inp, buf, pktlen > buflen ? buflen : pktlen,
++		cdk_error_t rc;
++		rc = stream_read(inp, buf, pktlen > buflen ? buflen : pktlen,
+ 			    &nread);
++		if (rc)
++			return rc;
+ 		pktlen -= nread;
+ 	}
+ 
+ 	assert(pktlen == 0);
++	return 0;
+ }
+ 
+ 
+@@ -1087,7 +1096,9 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
+ 
+ 	default:
+ 		/* Skip all packets we don't understand */
+-		skip_packet(inp, pktlen);
++		rc = skip_packet(inp, pktlen);
++		if (rc)
++			return gnutls_assert_val(rc);
+ 		break;
+ 	}
+ 
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch gnutls28-3.3.8/debian/patches/55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch
--- gnutls28-3.3.8/debian/patches/55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch	2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,28 @@
+From 9ca2dccfb51c487b6dc14c64b73a1668d0801086 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Fri, 30 Dec 2016 21:17:22 -0500
+Subject: [PATCH 3/8] Attempt to fix a leak in OpenPGP cert parsing.
+
+---
+ lib/opencdk/read-packet.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index 67ea938f7..f1d165053 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -510,8 +510,10 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr,
+ 	p++;
+ 	len--;
+ 
+-	if (len >= pktlen)
++	if (len >= pktlen) {
++		cdk_free(buf);
+ 		return CDK_Inv_Packet;
++	}
+ 	attr->attrib_img = cdk_calloc(1, len);
+ 	if (!attr->attrib_img) {
+ 		cdk_free(buf);
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch gnutls28-3.3.8/debian/patches/55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch
--- gnutls28-3.3.8/debian/patches/55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch	2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,29 @@
+From affb3d659681af1dca04448e25f27c7e22eda0c7 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Sun, 1 Jan 2017 09:15:09 -0500
+Subject: [PATCH 4/8] Corrected a leak in OpenPGP sub-packet parsing.
+
+Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
+---
+ lib/opencdk/read-packet.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index f1d165053..8cba25c47 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -596,8 +596,10 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
+ 	node->size--;
+ 	rc = stream_read(inp, node->d, node->size, &nread);
+ 	n += nread;
+-	if (rc)
++	if (rc) {
++		cdk_subpkt_free(node);
+ 		return rc;
++	}
+ 	*r_nbytes = n;
+ 	if (!*r_ctx)
+ 		*r_ctx = node;
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch gnutls28-3.3.8/debian/patches/55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch
--- gnutls28-3.3.8/debian/patches/55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch	2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,98 @@
+From 6231a4a087f9fdbd5f5f274e80c7a71e3e45b9c8 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 4 Jan 2017 14:42:03 +0100
+Subject: [PATCH 5/8] opencdk: read_attribute: added more precise checks when
+ reading stream
+
+That addresses heap read overflows found using oss-fuzz:
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/read-packet.c | 40 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index 8cba25c47..e8ff24ffe 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -483,46 +483,64 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr,
+ 		return CDK_Out_Of_Core;
+ 	rc = stream_read(inp, buf, pktlen, &nread);
+ 	if (rc) {
+-		cdk_free(buf);
+-		return CDK_Inv_Packet;
++		gnutls_assert();
++		rc = CDK_Inv_Packet;
++		goto error;
+ 	}
++
+ 	p = buf;
+ 	len = *p++;
+ 	pktlen--;
++
+ 	if (len == 255) {
++		if (pktlen < 4) {
++			gnutls_assert();
++			rc = CDK_Inv_Packet;
++			goto error;
++		}
++
+ 		len = _cdk_buftou32(p);
+ 		p += 4;
+ 		pktlen -= 4;
+ 	} else if (len >= 192) {
+ 		if (pktlen < 2) {
+-			cdk_free(buf);
+-			return CDK_Inv_Packet;
++			gnutls_assert();
++			rc = CDK_Inv_Packet;
++			goto error;
+ 		}
++
+ 		len = ((len - 192) << 8) + *p + 192;
+ 		p++;
+ 		pktlen--;
+ 	}
+ 
+-	if (*p != 1) {		/* Currently only 1, meaning an image, is defined. */
+-		cdk_free(buf);
+-		return CDK_Inv_Packet;
++	if (!len || *p != 1) {		/* Currently only 1, meaning an image, is defined. */
++		rc = CDK_Inv_Packet;
++		goto error;
+ 	}
++
+ 	p++;
+ 	len--;
+ 
+ 	if (len >= pktlen) {
+-		cdk_free(buf);
+-		return CDK_Inv_Packet;
++		rc = CDK_Inv_Packet;
++		goto error;
+ 	}
++
+ 	attr->attrib_img = cdk_calloc(1, len);
+ 	if (!attr->attrib_img) {
+-		cdk_free(buf);
+-		return CDK_Out_Of_Core;
++		rc = CDK_Out_Of_Core;
++		goto error;
+ 	}
++
+ 	attr->attrib_len = len;
+ 	memcpy(attr->attrib_img, p, len);
+ 	cdk_free(buf);
+ 	return rc;
++
++ error:
++	cdk_free(buf);
++	return rc;
+ }
+ 
+ 
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch gnutls28-3.3.8/debian/patches/55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch
--- gnutls28-3.3.8/debian/patches/55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch	2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,42 @@
+From 7dec871f82e205107a81281e3286f0aa9caa93b3 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 4 Jan 2017 14:56:50 +0100
+Subject: [PATCH 6/8] opencdk: cdk_pk_get_keyid: fix stack overflow
+
+Issue found using oss-fuzz:
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/pubkey.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
+index 6e753bd25..da43129f9 100644
+--- a/lib/opencdk/pubkey.c
++++ b/lib/opencdk/pubkey.c
+@@ -518,6 +518,7 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
+ {
+ 	u32 lowbits = 0;
+ 	byte buf[24];
++	int rc;
+ 
+ 	if (pk && (!pk->keyid[0] || !pk->keyid[1])) {
+ 		if (pk->version < 4 && is_RSA(pk->pubkey_algo)) {
+@@ -525,7 +526,12 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
+ 			size_t n;
+ 
+ 			n = MAX_MPI_BYTES;
+-			_gnutls_mpi_print(pk->mpi[0], p, &n);
++			rc = _gnutls_mpi_print(pk->mpi[0], p, &n);
++			if (rc < 0 || n < 8) {
++				keyid[0] = keyid[1] = (u32)-1;
++				return (u32)-1;
++			}
++
+ 			pk->keyid[0] =
+ 			    p[n - 8] << 24 | p[n - 7] << 16 | p[n -
+ 								6] << 8 |
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch gnutls28-3.3.8/debian/patches/55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch
--- gnutls28-3.3.8/debian/patches/55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch	2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,139 @@
+From 785af1ab577f899d2e54172ff120f404709bf172 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 4 Jan 2017 15:22:13 +0100
+Subject: [PATCH 7/8] opencdk: added error checking in the stream reading
+ functions
+
+This addresses an out of memory error. Issue found using oss-fuzz:
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/read-packet.c | 40 +++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 35 insertions(+), 5 deletions(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index e8ff24ffe..7a474ff54 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -43,6 +43,7 @@ static int
+ stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
+ {
+ 	int res = cdk_stream_read(s, buf, buflen);
++
+ 	if (res > 0) {
+ 		*r_nread = res;
+ 		return 0;
+@@ -56,13 +57,13 @@ stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
+ static u32 read_32(cdk_stream_t s)
+ {
+ 	byte buf[4];
+-	size_t nread;
++	size_t nread = 0;
+ 
+ 	assert(s != NULL);
+ 
+ 	stream_read(s, buf, 4, &nread);
+ 	if (nread != 4)
+-		return (u32) - 1;
++		return (u32) -1;
+ 	return buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3];
+ }
+ 
+@@ -71,7 +72,7 @@ static u32 read_32(cdk_stream_t s)
+ static u16 read_16(cdk_stream_t s)
+ {
+ 	byte buf[2];
+-	size_t nread;
++	size_t nread = 0;
+ 
+ 	assert(s != NULL);
+ 
+@@ -573,7 +574,7 @@ read_user_id(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id)
+ static cdk_error_t
+ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
+ {
+-	byte c, c1;
++	int c, c1;
+ 	size_t size, nread, n;
+ 	cdk_subpkt_t node;
+ 	cdk_error_t rc;
+@@ -588,11 +589,18 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
+ 	*r_nbytes = 0;
+ 	c = cdk_stream_getc(inp);
+ 	n++;
++
+ 	if (c == 255) {
+ 		size = read_32(inp);
++		if (size == (u32)-1)
++			return CDK_Inv_Packet;
++
+ 		n += 4;
+ 	} else if (c >= 192 && c < 255) {
+ 		c1 = cdk_stream_getc(inp);
++		if (c1 == EOF)
++			return CDK_Inv_Packet;
++
+ 		n++;
+ 		if (c1 == 0)
+ 			return 0;
+@@ -859,17 +867,29 @@ static void
+ read_old_length(cdk_stream_t inp, int ctb, size_t * r_len, size_t * r_size)
+ {
+ 	int llen = ctb & 0x03;
++	int c;
+ 
+ 	if (llen == 0) {
+-		*r_len = cdk_stream_getc(inp);
++		c = cdk_stream_getc(inp);
++		if (c == EOF)
++			goto fail;
++
++		*r_len = c;
+ 		(*r_size)++;
+ 	} else if (llen == 1) {
+ 		*r_len = read_16(inp);
++		if (*r_len == (u16)-1)
++			goto fail;
+ 		(*r_size) += 2;
+ 	} else if (llen == 2) {
+ 		*r_len = read_32(inp);
++		if (*r_len == (u32)-1) {
++			goto fail;
++		}
++
+ 		(*r_size) += 4;
+ 	} else {
++ fail:
+ 		*r_len = 0;
+ 		*r_size = 0;
+ 	}
+@@ -884,15 +904,25 @@ read_new_length(cdk_stream_t inp,
+ 	int c, c1;
+ 
+ 	c = cdk_stream_getc(inp);
++	if (c == EOF)
++		return;
++
+ 	(*r_size)++;
+ 	if (c < 192)
+ 		*r_len = c;
+ 	else if (c >= 192 && c <= 223) {
+ 		c1 = cdk_stream_getc(inp);
++		if (c1 == EOF)
++			return;
++
+ 		(*r_size)++;
+ 		*r_len = ((c - 192) << 8) + c1 + 192;
+ 	} else if (c == 255) {
+ 		*r_len = read_32(inp);
++		if (*r_len == (u32)-1) {
++			return;
++		}
++
+ 		(*r_size) += 4;
+ 	} else {
+ 		*r_len = 1 << (c & 0x1f);
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch gnutls28-3.3.8/debian/patches/55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch
--- gnutls28-3.3.8/debian/patches/55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch	2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,35 @@
+From d16ccb7ee8b890c4e9fe5a9e062c0d525c44340c Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Tue, 17 Jan 2017 13:34:33 +0100
+Subject: [PATCH] opencdk: improved error code checking in the stream reading
+ functions
+
+This ammends 49be4f7b82eba2363bb8d4090950dad976a77a3a
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/read-packet.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index 7a474ff54..8a8d87a1f 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -918,11 +918,12 @@ read_new_length(cdk_stream_t inp,
+ 		(*r_size)++;
+ 		*r_len = ((c - 192) << 8) + c1 + 192;
+ 	} else if (c == 255) {
+-		*r_len = read_32(inp);
+-		if (*r_len == (u32)-1) {
++		c1 = read_32(inp);
++		if (c1 == (u32)-1) {
+ 			return;
+ 		}
+ 
++		*r_len = c1;
+ 		(*r_size) += 4;
+ 	} else {
+ 		*r_len = 1 << (c & 0x1f);
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch gnutls28-3.3.8/debian/patches/55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch
--- gnutls28-3.3.8/debian/patches/55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch	2017-03-05 18:40:52.000000000 +0100
@@ -0,0 +1,26 @@
+From 5888e3cc63611396adb90d3ad1dc42a0bdb5850b Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 20 Feb 2017 11:14:49 +0100
+Subject: [PATCH] opencdk/read-packet.c: corrected typo in type cast
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/read-packet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index d95845d56..a2631fed1 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -919,7 +919,7 @@ read_new_length(cdk_stream_t inp,
+ 		*r_len = ((c - 192) << 8) + c1 + 192;
+ 	} else if (c == 255) {
+ 		c1 = read_32(inp);
+-		if (c1 == (u32)-1) {
++		if (c1 == -1) {
+ 			return;
+ 		}
+ 
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch gnutls28-3.3.8/debian/patches/55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch
--- gnutls28-3.3.8/debian/patches/55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch	2017-03-05 08:29:46.000000000 +0100
@@ -0,0 +1,31 @@
+From 0715c72c482931b962294f9388f28fbb2a707d80 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Fri, 3 Feb 2017 23:41:51 +0100
+Subject: [PATCH] gnutls_pkcs11_obj_list_import_url2: Always return an
+ initialized pointer
+
+When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4,
+could have returned zero number of elements with a pointer that was uninitialized.
+Ensure that an initialized (i.e., null in that case), pointer is always returned.
+Reported by Jeremy Harris.
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/pkcs11.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/pkcs11.c b/lib/pkcs11.c
+index d99dedff6..f5cf99d65 100644
+--- a/lib/pkcs11.c
++++ b/lib/pkcs11.c
+@@ -3019,6 +3019,7 @@ gnutls_pkcs11_obj_list_import_url2(gnutls_pkcs11_obj_t ** p_list,
+ 	if (ret < 0) {
+ 		gnutls_assert();
+ 		if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
++			*p_list = NULL;
+ 			*n_list = 0;
+ 			ret = 0;
+ 		}
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_13_cdk_pkt_read-enforce-packet-limits.patch gnutls28-3.3.8/debian/patches/55_13_cdk_pkt_read-enforce-packet-limits.patch
--- gnutls28-3.3.8/debian/patches/55_13_cdk_pkt_read-enforce-packet-limits.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_13_cdk_pkt_read-enforce-packet-limits.patch	2017-03-05 08:33:00.000000000 +0100
@@ -0,0 +1,55 @@
+From 09a2f72584bb52ba87a97ee291729d6609229626 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 20 Feb 2017 11:13:08 +0100
+Subject: [PATCH] cdk_pkt_read: enforce packet limits
+
+That ensures that there are no overflows in the subsequent
+calculations.
+
+Resolves the oss-fuzz found bug:
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
+
+Relates: #159
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/read-packet.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index 8a8d87a1f..d95845d56 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -951,6 +951,7 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen)
+ 	return 0;
+ }
+ 
++#define MAX_PACKET_LEN (1<<24)
+ 
+ /**
+  * cdk_pkt_read:
+@@ -1003,6 +1004,13 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
+ 	else
+ 		read_old_length(inp, ctb, &pktlen, &pktsize);
+ 
++	/* enforce limits to ensure that the following calculations
++	 * do not overflow */
++	if (pktlen >= MAX_PACKET_LEN || pktsize >= MAX_PACKET_LEN) {
++		_cdk_log_info("cdk_pkt_read: too long packet\n");
++		return gnutls_assert_val(CDK_Inv_Packet);
++	}
++
+ 	pkt->pkttype = pkttype;
+ 	pkt->pktlen = pktlen;
+ 	pkt->pktsize = pktsize + pktlen;
+@@ -1027,6 +1035,7 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
+ 		break;
+ 
+ 	case CDK_PKT_USER_ID:
++
+ 		pkt->pkt.user_id = cdk_calloc(1, sizeof *pkt->pkt.user_id
+ 					      + pkt->pktlen + 1);
+ 		if (!pkt->pkt.user_id)
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_14_opencdk-read_attribute-account-buffer-size.patch gnutls28-3.3.8/debian/patches/55_14_opencdk-read_attribute-account-buffer-size.patch
--- gnutls28-3.3.8/debian/patches/55_14_opencdk-read_attribute-account-buffer-size.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_14_opencdk-read_attribute-account-buffer-size.patch	2017-03-05 16:09:01.000000000 +0100
@@ -0,0 +1,33 @@
+From 3f5b3a45e4ad9520f5efc02676f996f780169e40 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 23 Feb 2017 11:10:04 +0100
+Subject: [PATCH] opencdk: read_attribute: account buffer size
+
+That ensures that there is no read past the end of buffer.
+
+Resolves the oss-fuzz found bug:
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
+
+Relates: #159
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/opencdk/read-packet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index 87ab06c56..ba1223bd3 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -514,7 +514,7 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr,
+ 		pktlen--;
+ 	}
+ 
+-	if (!len || *p != 1) {		/* Currently only 1, meaning an image, is defined. */
++	if (!len || pktlen == 0 || *p != 1) {	/* Currently only 1, meaning an image, is defined. */
+ 		rc = CDK_Inv_Packet;
+ 		goto error;
+ 	}
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch gnutls28-3.3.8/debian/patches/55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
--- gnutls28-3.3.8/debian/patches/55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch	2017-03-05 08:34:43.000000000 +0100
@@ -0,0 +1,243 @@
+From 9fe2b08714ac25a079f58790fd577b156bf5bf93 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Wed, 1 Mar 2017 07:54:04 +0100
+Subject: [PATCH] opencdk: do not parse any secret keys in packet when reading
+ a certificate
+
+This reduces the attack surface on the parsers, and prevents any bugs
+in the secret key parser to be exploitable by inserting secret key
+sub-packets into an openpgp certificate.
+
+This addresses:
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+---
+ lib/opencdk/kbnode.c         |  6 ++++--
+ lib/opencdk/keydb.c          | 14 +++++++-------
+ lib/opencdk/literal.c        |  2 +-
+ lib/opencdk/opencdk.h        |  7 ++++---
+ lib/opencdk/read-packet.c    | 10 +++++++++-
+ lib/openpgp/gnutls_openpgp.c |  2 +-
+ lib/openpgp/pgp.c            |  2 +-
+ lib/openpgp/privkey.c        |  2 +-
+ 8 files changed, 28 insertions(+), 17 deletions(-)
+
+diff --git a/lib/opencdk/kbnode.c b/lib/opencdk/kbnode.c
+index c28cb349b..f865b16ca 100644
+--- a/lib/opencdk/kbnode.c
++++ b/lib/opencdk/kbnode.c
+@@ -369,12 +369,14 @@ cdk_packet_t cdk_kbnode_get_packet(cdk_kbnode_t node)
+  * @armor: whether base64 or not
+  * @buf: the buffer which stores the key sequence
+  * @buflen: the length of the buffer
++ * @public: non-zero if reading a public key
+  *
+  * Tries to read a key node from the memory buffer @buf.
+  **/
+ cdk_error_t
+ cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node,
+-			 int armor, const byte * buf, size_t buflen)
++			 int armor, const byte * buf, size_t buflen,
++			 unsigned public)
+ {
+ 	cdk_stream_t inp;
+ 	cdk_error_t rc;
+@@ -393,7 +395,7 @@ cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node,
+ 	if (armor)
+ 		cdk_stream_set_armor_flag(inp, 0);
+ 
+-	rc = cdk_keydb_get_keyblock(inp, ret_node);
++	rc = cdk_keydb_get_keyblock(inp, ret_node, public);
+ 	if (rc)
+ 		gnutls_assert();
+ 	cdk_stream_close(inp);
+diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c
+index 64eebf034..9112d9ab5 100644
+--- a/lib/opencdk/keydb.c
++++ b/lib/opencdk/keydb.c
+@@ -108,7 +108,7 @@ static cdk_error_t keydb_idx_build(const char *file)
+ 	while (!cdk_stream_eof(inp)) {
+ 		off_t pos = cdk_stream_tell(inp);
+ 
+-		rc = cdk_pkt_read(inp, pkt);
++		rc = cdk_pkt_read(inp, pkt, 1);
+ 		if (rc) {
+ 			_cdk_log_debug
+ 			    ("index build failed packet off=%lu\n",
+@@ -816,7 +816,7 @@ cdk_keydb_search(cdk_keydb_search_t st, cdk_keydb_hd_t hd,
+ 
+ 		pos = cdk_stream_tell(kr);
+ 
+-		rc = cdk_keydb_get_keyblock(kr, &knode);
++		rc = cdk_keydb_get_keyblock(kr, &knode, 1);
+ 
+ 		if (rc) {
+ 			if (rc == CDK_EOF)
+@@ -1679,7 +1679,7 @@ add_key_usage(cdk_kbnode_t knode, u32 keyid[2], unsigned int usage)
+ }
+ 
+ cdk_error_t
+-cdk_keydb_get_keyblock(cdk_stream_t inp, cdk_kbnode_t * r_knode)
++cdk_keydb_get_keyblock(cdk_stream_t inp, cdk_kbnode_t * r_knode, unsigned public)
+ {
+ 	cdk_packet_t pkt;
+ 	cdk_kbnode_t knode, node;
+@@ -1706,7 +1706,7 @@ cdk_keydb_get_keyblock(cdk_stream_t inp, cdk_kbnode_t * r_knode)
+ 	while (!cdk_stream_eof(inp)) {
+ 		cdk_pkt_new(&pkt);
+ 		old_off = cdk_stream_tell(inp);
+-		rc = cdk_pkt_read(inp, pkt);
++		rc = cdk_pkt_read(inp, pkt, public);
+ 		if (rc) {
+ 			cdk_pkt_release(pkt);
+ 			if (rc == CDK_EOF)
+@@ -2126,7 +2126,7 @@ cdk_error_t cdk_keydb_check_sk(cdk_keydb_hd_t hd, u32 * keyid)
+ 		return rc;
+ 	}
+ 	cdk_pkt_new(&pkt);
+-	while (!cdk_pkt_read(db, pkt)) {
++	while (!cdk_pkt_read(db, pkt, 0)) {
+ 		if (pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ 		    pkt->pkttype != CDK_PKT_SECRET_SUBKEY) {
+ 			cdk_pkt_free(pkt);
+@@ -2241,14 +2241,14 @@ cdk_error_t cdk_listkey_next(cdk_listkey_t ctx, cdk_kbnode_t * ret_key)
+ 	}
+ 
+ 	if (ctx->type && ctx->u.patt[0] == '*')
+-		return cdk_keydb_get_keyblock(ctx->inp, ret_key);
++		return cdk_keydb_get_keyblock(ctx->inp, ret_key, 1);
+ 	else if (ctx->type) {
+ 		cdk_kbnode_t node;
+ 		struct cdk_keydb_search_s ks;
+ 		cdk_error_t rc;
+ 
+ 		for (;;) {
+-			rc = cdk_keydb_get_keyblock(ctx->inp, &node);
++			rc = cdk_keydb_get_keyblock(ctx->inp, &node, 1);
+ 			if (rc) {
+ 				gnutls_assert();
+ 				return rc;
+diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c
+index 7b4baec82..69967742a 100644
+--- a/lib/opencdk/literal.c
++++ b/lib/opencdk/literal.c
+@@ -67,7 +67,7 @@ static cdk_error_t literal_decode(void *data, FILE * in, FILE * out)
+ 		return rc;
+ 
+ 	cdk_pkt_new(&pkt);
+-	rc = cdk_pkt_read(si, pkt);
++	rc = cdk_pkt_read(si, pkt, 1);
+ 	if (rc || pkt->pkttype != CDK_PKT_LITERAL) {
+ 		cdk_pkt_release(pkt);
+ 		cdk_stream_close(si);
+diff --git a/lib/opencdk/opencdk.h b/lib/opencdk/opencdk.h
+index c06b74984..d95cc32b6 100644
+--- a/lib/opencdk/opencdk.h
++++ b/lib/opencdk/opencdk.h
+@@ -553,7 +553,7 @@ extern "C" {
+ 	void cdk_pkt_release(cdk_packet_t pkt);
+ 
+ /* Read or write the given output from or to the stream. */
+-	cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt);
++	cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt, unsigned public);
+ 	cdk_error_t cdk_pkt_write(cdk_stream_t out, cdk_packet_t pkt);
+ 
+ /* Sub packet routines */
+@@ -814,7 +814,8 @@ extern "C" {
+ /* Try to read the next key block from the given input stream.
+    The key will be returned in @RET_KEY on success. */
+ 	cdk_error_t cdk_keydb_get_keyblock(cdk_stream_t inp,
+-					   cdk_kbnode_t * ret_key);
++					   cdk_kbnode_t * ret_key,
++					   unsigned public);
+ 
+ /* Rebuild the key db index if possible. */
+ 	cdk_error_t cdk_keydb_idx_rebuild(cdk_keydb_hd_t db,
+@@ -848,7 +849,7 @@ extern "C" {
+ 	cdk_error_t cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node,
+ 					     int armor,
+ 					     const unsigned char *buf,
+-					     size_t buflen);
++					     size_t buflen, unsigned public);
+ 	cdk_error_t cdk_kbnode_write_to_mem(cdk_kbnode_t node,
+ 					    unsigned char *buf,
+ 					    size_t * r_nbytes);
+diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
+index a2631fed1..e202a10b0 100644
+--- a/lib/opencdk/read-packet.c
++++ b/lib/opencdk/read-packet.c
+@@ -960,7 +960,7 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen)
+  *
+  * Parse the next packet on the @inp stream and return its contents in @pkt.
+  **/
+-cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
++cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt, unsigned public)
+ {
+ 	int ctb, is_newctb;
+ 	int pkttype;
+@@ -1068,6 +1068,10 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
+ 		break;
+ 
+ 	case CDK_PKT_SECRET_KEY:
++		if (public) {
++			/* read secret key when expecting public */
++			return gnutls_assert_val(CDK_Inv_Packet);
++		}
+ 		pkt->pkt.secret_key =
+ 		    cdk_calloc(1, sizeof *pkt->pkt.secret_key);
+ 		if (!pkt->pkt.secret_key)
+@@ -1083,6 +1087,10 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
+ 		break;
+ 
+ 	case CDK_PKT_SECRET_SUBKEY:
++		if (public) {
++			/* read secret key when expecting public */
++			return gnutls_assert_val(CDK_Inv_Packet);
++		}
+ 		pkt->pkt.secret_key =
+ 		    cdk_calloc(1, sizeof *pkt->pkt.secret_key);
+ 		if (!pkt->pkt.secret_key)
+diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
+index 7c05e1fbf..192737f83 100644
+--- a/lib/openpgp/gnutls_openpgp.c
++++ b/lib/openpgp/gnutls_openpgp.c
+@@ -479,7 +479,7 @@ int gnutls_openpgp_count_key_names(const gnutls_datum_t * cert)
+ 		return 0;
+ 	}
+ 
+-	if (cdk_kbnode_read_from_mem(&knode, 0, cert->data, cert->size)) {
++	if (cdk_kbnode_read_from_mem(&knode, 0, cert->data, cert->size, 1)) {
+ 		gnutls_assert();
+ 		return 0;
+ 	}
+diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
+index d5ef2722b..77e57ab41 100644
+--- a/lib/openpgp/pgp.c
++++ b/lib/openpgp/pgp.c
+@@ -99,7 +99,7 @@ gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key,
+ 		armor = 1;
+ 
+ 	rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data,
+-				      data->size);
++				      data->size, 1);
+ 	if (rc) {
+ 		rc = _gnutls_map_cdk_rc(rc);
+ 		gnutls_assert();
+diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
+index 6aa6fb543..81ec3ab3d 100644
+--- a/lib/openpgp/privkey.c
++++ b/lib/openpgp/privkey.c
+@@ -186,7 +186,7 @@ gnutls_openpgp_privkey_import(gnutls_openpgp_privkey_t key,
+ 		armor = 1;
+ 
+ 	rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data,
+-				      data->size);
++				      data->size, 0);
+ 	if (rc != 0) {
+ 		rc = _gnutls_map_cdk_rc(rc);
+ 		gnutls_assert();
+-- 
+2.11.0
+
diff -Nru gnutls28-3.3.8/debian/patches/series gnutls28-3.3.8/debian/patches/series
--- gnutls28-3.3.8/debian/patches/series	2016-11-01 10:07:52.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/series	2017-03-05 18:44:02.000000000 +0100
@@ -16,3 +16,19 @@
 51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch
 52_CVE-2016-7444_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch
 53_nettle-use-rsa_-_key_prepare-on-key-import.patch
+55_00_pkcs12-fixed-the-calculation-of-p_size.patch
+55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch
+55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch
+55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch
+55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch
+55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch
+55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch
+55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch
+55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch
+55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch
+55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch
+55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch
+55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch
+55_13_cdk_pkt_read-enforce-packet-limits.patch
+55_14_opencdk-read_attribute-account-buffer-size.patch
+55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Version: 8.8

Hi,

Each of these bugs refers to an update that was included in today's
jessie point release. Thanks!

Regards,

Adam

--- End Message ---
Reply to: