Signed-off-by: Martin Jansa <martin.ja...@gmail.com> --- .../libtomcrypt/CVE-2019-17362.patch | 25 +++++++++++++++++++ .../libtomcrypt/libtomcrypt_1.18.2.bb | 4 ++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch
diff --git a/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch new file mode 100644 index 0000000000..8b7348a11f --- /dev/null +++ b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch @@ -0,0 +1,25 @@ +From 25c26a3b7a9ad8192ccc923e15cf62bf0108ef94 Mon Sep 17 00:00:00 2001 +From: werew <we...@ret2libc.com> +Date: Thu, 3 Oct 2019 19:57:10 +0200 +Subject: [PATCH] Fixes #507 + +Signed-off-by: Martin Jansa <martin.ja...@gmail.com> +--- +Upstream-Status: Backport [https://github.com/libtom/libtomcrypt/commit/64d1153e5a515740ab56f39c46baf4cf6991a9d3] + + src/pk/asn1/der/utf8/der_decode_utf8_string.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/src/pk/asn1/der/utf8/der_decode_utf8_string.c +index 94555b99f..d3ed82bea 100644 +--- a/src/pk/asn1/der/utf8/der_decode_utf8_string.c ++++ b/src/pk/asn1/der/utf8/der_decode_utf8_string.c +@@ -65,7 +65,7 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, + /* count number of bytes */ + for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF); + +- if (z > 4 || (x + (z - 1) > inlen)) { ++ if (z == 1 || z > 4 || (x + (z - 1) > inlen)) { + return CRYPT_INVALID_PACKET; + } + diff --git a/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb index b144338921..8b73cdda85 100644 --- a/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb +++ b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=71baacc459522324ef3e2b9e052e8180" DEPENDS += "libtool-cross" -SRC_URI = "git://github.com/libtom/libtomcrypt.git;protocol=https;branch=master" +SRC_URI = "git://github.com/libtom/libtomcrypt.git;protocol=https;branch=master \ + file://CVE-2019-17362.patch \ +" SRCREV = "7e7eb695d581782f04b24dc444cbfde86af59853" -- 2.41.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#103941): https://lists.openembedded.org/g/openembedded-devel/message/103941 Mute This Topic: https://lists.openembedded.org/mt/100213967/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-