Bug#575433: marked as done (openssl: OpenSSL does not check for a NULL return value from bn_wexpand function calls)

Tue, 08 Jun 2010 12:57:18 -0700 

Your message dated Tue, 08 Jun 2010 19:52:43 +0000
with message-id <[email protected]>
and subject line Bug#575433: fixed in openssl 0.9.8g-15+lenny7
has caused the Debian Bug report #575433,
regarding openssl: OpenSSL does not check for a NULL return value from 
bn_wexpand function calls
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
575433: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575433
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: openssl
Version: 0.9.8g-15+lenny6
Tags: lenny,security,patch

This bug report is based upon CVE-2009-3245
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand 
function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) 
crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which 
has unspecified impact and context-dependent attack vectors.

http://security-tracker.debian.org/tracker/CVE-2009-3245

While the security-tracker includes a "Minor issue" comment in the notes, the 
CVE
states "NVD severity       high (attack range: remote)" so perhaps there should
be a security update for the version in Debian stable.

The upstream fixes are available, visible from
http://cvs.openssl.org/chngview?cn=19309

and that changeset applies cleanly to the .c files in the stable
Debian 0.9.8g-15+lenny6 source. And is attached to this message.


Index: openssl/CHANGES
RCS File: /v/openssl/cvs/openssl/CHANGES,v
rcsdiff -q -kk '-r1.1238.2.188' '-r1.1238.2.189' -u 
'/v/openssl/cvs/openssl/CHANGES,v' 2>/dev/null
--- CHANGES     2010/02/19 18:25:37     1.1238.2.188
+++ CHANGES     2010/02/23 10:36:39     1.1238.2.189
@@ -4,6 +4,9 @@
 
  Changes between 0.9.8l and 0.9.8m [xx XXX xxxx]
 
+  *) Always check bn_wexpend() return values for failure.  (CVE-2009-3245)
+     [Martin Olsson, Neel Mehta]
+
   *) Fix X509_STORE locking: Every 'objs' access requires a lock (to
      accommodate for stack sorting, always a write lock!).
      [Bodo Moeller]
Index: openssl/crypto/bn/bn_div.c
RCS File: /v/openssl/cvs/openssl/crypto/bn/bn_div.c,v
rcsdiff -q -kk '-r1.37.2.8' '-r1.37.2.9' -u 
'/v/openssl/cvs/openssl/crypto/bn/bn_div.c,v' 2>/dev/null
--- bn_div.c    2009/06/17 11:26:39     1.37.2.8
+++ bn_div.c    2010/02/23 10:36:41     1.37.2.9
@@ -102,7 +102,7 @@
        /* The next 2 are needed so we can do a dv->d[0]|=1 later
         * since BN_lshift1 will only work once there is a value :-) */
        BN_zero(dv);
-       bn_wexpand(dv,1);
+       if(bn_wexpand(dv,1) == NULL) goto end;
        dv->top=1;
 
        if (!BN_lshift(D,D,nm-nd)) goto end;
Index: openssl/crypto/bn/bn_gf2m.c
RCS File: /v/openssl/cvs/openssl/crypto/bn/bn_gf2m.c,v
rcsdiff -q -kk '-r1.18.2.2' '-r1.18.2.3' -u 
'/v/openssl/cvs/openssl/crypto/bn/bn_gf2m.c,v' 2>/dev/null
--- bn_gf2m.c   2008/06/23 20:46:28     1.18.2.2
+++ bn_gf2m.c   2010/02/23 10:36:41     1.18.2.3
@@ -294,7 +294,8 @@
        if (a->top < b->top) { at = b; bt = a; }
        else { at = a; bt = b; }
 
-       bn_wexpand(r, at->top);
+       if(bn_wexpand(r, at->top) == NULL)
+               return 0;
 
        for (i = 0; i < bt->top; i++)
                {
Index: openssl/crypto/ec/ec2_smpl.c
RCS File: /v/openssl/cvs/openssl/crypto/ec/ec2_smpl.c,v
rcsdiff -q -kk '-r1.14.2.1' '-r1.14.2.2' -u 
'/v/openssl/cvs/openssl/crypto/ec/ec2_smpl.c,v' 2>/dev/null
--- ec2_smpl.c  2006/03/13 23:12:07     1.14.2.1
+++ ec2_smpl.c  2010/02/23 10:36:41     1.14.2.2
@@ -174,8 +174,10 @@
        dest->poly[2] = src->poly[2];
        dest->poly[3] = src->poly[3];
        dest->poly[4] = src->poly[4];
-       bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
-       bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+       if(bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) 
== NULL)
+               return 0;
+       if(bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) 
== NULL)
+               return 0;
        for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;
        for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0;
        return 1;
@@ -199,12 +201,12 @@
 
        /* group->a */
        if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err;
-       bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+       if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / 
BN_BITS2) == NULL) goto err;
        for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0;
        
        /* group->b */
        if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err;
-       bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+       if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / 
BN_BITS2) == NULL) goto err;
        for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0;
                
        ret = 1;
Index: openssl/engines/e_ubsec.c
RCS File: /v/openssl/cvs/openssl/engines/e_ubsec.c,v
rcsdiff -q -kk '-r1.13.2.3' '-r1.13.2.4' -u 
'/v/openssl/cvs/openssl/engines/e_ubsec.c,v' 2>/dev/null
--- e_ubsec.c   2007/09/06 12:43:53     1.13.2.3
+++ e_ubsec.c   2010/02/23 10:36:41     1.13.2.4
@@ -934,7 +934,7 @@
                 priv_key = BN_new();
                 if (priv_key == NULL) goto err;
                 priv_key_len = BN_num_bits(dh->p);
-                bn_wexpand(priv_key, dh->p->top);
+                if(bn_wexpand(priv_key, dh->p->top) == NULL) goto err;
                 do
                         if (!BN_rand_range(priv_key, dh->p)) goto err;
                 while (BN_is_zero(priv_key));
@@ -949,7 +949,7 @@
                 {
                 pub_key = BN_new();
                 pub_key_len = BN_num_bits(dh->p);
-                bn_wexpand(pub_key, dh->p->top);
+                if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err;
                 if(pub_key == NULL) goto err;
                 }
         else

--- End Message ---
--- Begin Message --- 
Source: openssl
Source-Version: 0.9.8g-15+lenny7

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:

libcrypto0.9.8-udeb_0.9.8g-15+lenny7_amd64.udeb
  to main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny7_amd64.udeb
libssl-dev_0.9.8g-15+lenny7_amd64.deb
  to main/o/openssl/libssl-dev_0.9.8g-15+lenny7_amd64.deb
libssl0.9.8-dbg_0.9.8g-15+lenny7_amd64.deb
  to main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny7_amd64.deb
libssl0.9.8_0.9.8g-15+lenny7_amd64.deb
  to main/o/openssl/libssl0.9.8_0.9.8g-15+lenny7_amd64.deb
openssl_0.9.8g-15+lenny7.diff.gz
  to main/o/openssl/openssl_0.9.8g-15+lenny7.diff.gz
openssl_0.9.8g-15+lenny7.dsc
  to main/o/openssl/openssl_0.9.8g-15+lenny7.dsc
openssl_0.9.8g-15+lenny7_amd64.deb
  to main/o/openssl/openssl_0.9.8g-15+lenny7_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 07 Jun 2010 20:30:01 +0200
Source: openssl
Binary: openssl libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source amd64
Version: 0.9.8g-15+lenny7
Distribution: stable-security
Urgency: low
Maintainer: Debian OpenSSL Team <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 575433
Changes: 
 openssl (0.9.8g-15+lenny7) stable-security; urgency=low
 .
   * Check return type of bn_wexpand().  Fixes CVE-2009-3245
     (Closes: #575433)
Checksums-Sha1: 
 4f5b216ee00dcd67d7a2f27369ebf5e7419d041b 1973 openssl_0.9.8g-15+lenny7.dsc
 9478a88efaca7461e506e8c2fc3963f7bfd38ca5 60059 openssl_0.9.8g-15+lenny7.diff.gz
 e66d46c42b130f532dada2cc1b0c820f5aebfbab 1043234 
openssl_0.9.8g-15+lenny7_amd64.deb
 7fd4450299bd965986ffe7c59a3922620538b06e 975828 
libssl0.9.8_0.9.8g-15+lenny7_amd64.deb
 119541aa94a84a907a6af87571db518dc3389fde 638416 
libcrypto0.9.8-udeb_0.9.8g-15+lenny7_amd64.udeb
 3ecc3b73bfcd124798159c632d276aec8851de77 2243042 
libssl-dev_0.9.8g-15+lenny7_amd64.deb
 dbfc1c1aec8d734354bd73bd1fde8ae1fee230d4 1627806 
libssl0.9.8-dbg_0.9.8g-15+lenny7_amd64.deb
Checksums-Sha256: 
 d36566a01b36d554d4a798404adc5c2ec6bc9a45c7088cbc1ba9e2fa5f535c56 1973 
openssl_0.9.8g-15+lenny7.dsc
 637186d9a8d50196c2afe460944ecfc3e87af202db2e21a92f1a950731b18f60 60059 
openssl_0.9.8g-15+lenny7.diff.gz
 727918d21a335356654e5a2db3408a1b7f8fd98b84f11e82df382457f7be7129 1043234 
openssl_0.9.8g-15+lenny7_amd64.deb
 fdcd08ec5554fba10aaa23cf59d632a83f0e9c0edbd64d5bb39c7c5af39d37fa 975828 
libssl0.9.8_0.9.8g-15+lenny7_amd64.deb
 7259ca3b414181c2626c58eb5d0fb045e94a179ff92938bd8d5170adb95a37eb 638416 
libcrypto0.9.8-udeb_0.9.8g-15+lenny7_amd64.udeb
 39500973e9a2c94d336432cd644ad52f2d776508397c7049f17812e2aa781757 2243042 
libssl-dev_0.9.8g-15+lenny7_amd64.deb
 017dff7d2e695d21487356f59526ba40e0f7385d7434cf880ab7b43e7e7496ab 1627806 
libssl0.9.8-dbg_0.9.8g-15+lenny7_amd64.deb
Files: 
 3a01fda475d201be06b6e6fda6fa0c04 1973 utils optional 
openssl_0.9.8g-15+lenny7.dsc
 f41577974ba83091b5348a4a2ad57ded 60059 utils optional 
openssl_0.9.8g-15+lenny7.diff.gz
 3598a915836a76f0ad01976f02b96b1d 1043234 utils optional 
openssl_0.9.8g-15+lenny7_amd64.deb
 bc0088cdd1d68811e8094a1a951d9b8e 975828 libs important 
libssl0.9.8_0.9.8g-15+lenny7_amd64.deb
 f0d8a903cadfe8a3050e3c988074ab72 638416 debian-installer optional 
libcrypto0.9.8-udeb_0.9.8g-15+lenny7_amd64.udeb
 0b8c96ea9636f04396d2361597bf146d 2243042 libdevel optional 
libssl-dev_0.9.8g-15+lenny7_amd64.deb
 61353d2ca6f62fabe6ea01ef3f6da0dc 1627806 libdevel extra 
libssl0.9.8-dbg_0.9.8g-15+lenny7_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCgAGBQJMDUtvAAoJEGpMZM6DE7XwAqIQAIsK7maxsdtleyuo1gtVe6bg
NTCJidExE2rrNyWKminyMrOmF3/PrBhdV8978MjpRV1qAnz9NyZr8cG/IHql6kcy
m2UqFGRuTd59A9rZF28WFxVfd4+PfM1pTl6/BK8oEzF6IQwBK7etoTmoG1MXXSB5
rVg9UWPUyt+QIYPAS6mxMzXDvMcFnydxYEOv2pAPQSAiKdAHg3O+d27sMik2EFsI
z+kxTxCfJyHaqJvh5od2xub1/pIluL1UPdp/MAE+n8wd6cam53tfVJNhYI0Rlbnu
Z0ol20QT91bHHqtyG9hH6zKZMt05/ZX5FfFqTjlPaiCEYmwniqyOENOmxXwND5Kc
yoZRuW68K8LeohNpIzNyG/xngnLnC1SCZD5A7MF4lFQjnSEMrFAEdVg8ZlPskOqK
sFXC/RZCQNe8Tq5xpRU47FPkl9B1wsVBWDurV2R2kXug34/DOH++KkMM97oCzGIl
SjNEqa9yuUhxPNQcTyboG+B0lRSqkWYflO3CGp05j2no/1Ne+MQWX7UcLYWMiGMV
IYcoQZutQ4EFnp4YUerG/OIUlKyC7OKB+6K1l4Txz7BcbAk0RSM9VkztAAPg+x8A
RrJGfe2iiekM5QSPwJampTZOyqb+kxosKvN4dzjgxWuc+/196Id4LCe4XlvUKHDU
r+1TNyOxI9Km72pGjE96
=rCIV
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to