diff options
author | shannonjr <shannonjr@pkgsrc.org> | 2006-12-09 13:39:28 +0000 |
---|---|---|
committer | shannonjr <shannonjr@pkgsrc.org> | 2006-12-09 13:39:28 +0000 |
commit | c03fa99045b6f59284b6b29b7e3ac4e7ceb5ea27 (patch) | |
tree | f13ee4ed54ceaddb1a507a6778c2d5ecf9c6341b /security | |
parent | c0db9bdc6f326c698ca9ca0dc6602bd01c1d3ba3 (diff) | |
download | pkgsrc-c03fa99045b6f59284b6b29b7e3ac4e7ceb5ea27.tar.gz |
Added patch fixing [CVE-2006-6235] remotely controllable function pointer.
Diffstat (limited to 'security')
-rw-r--r-- | security/gnupg2/Makefile | 4 | ||||
-rw-r--r-- | security/gnupg2/distinfo | 3 | ||||
-rw-r--r-- | security/gnupg2/patches/patch-ah | 249 |
3 files changed, 253 insertions, 3 deletions
diff --git a/security/gnupg2/Makefile b/security/gnupg2/Makefile index 7f7d99ad920..f069eb9d71e 100644 --- a/security/gnupg2/Makefile +++ b/security/gnupg2/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.6 2006/12/06 15:18:33 joerg Exp $ +# $NetBSD: Makefile,v 1.7 2006/12/09 13:39:28 shannonjr Exp $ # DISTNAME= gnupg-2.0.0 PKGNAME= ${DISTNAME:S/gnupg/gnupg2/} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= security MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/gnupg/ EXTRACT_SUFX= .tar.bz2 diff --git a/security/gnupg2/distinfo b/security/gnupg2/distinfo index 80a068c5875..83395b23511 100644 --- a/security/gnupg2/distinfo +++ b/security/gnupg2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.2 2006/11/27 20:37:20 shannonjr Exp $ +$NetBSD: distinfo,v 1.3 2006/12/09 13:39:28 shannonjr Exp $ SHA1 (gnupg-2.0.0.tar.bz2) = c335957368ea88bcb658922e7d3aae7e3ac6896d RMD160 (gnupg-2.0.0.tar.bz2) = 739e303f1380ec9cb5c3a248179001700efe6f2e @@ -14,3 +14,4 @@ SHA1 (patch-ab) = 501bce9a8474ac37a8e01eceae9b52f0e87868d5 SHA1 (patch-ac) = ca9e1044a0eb8d3e25cd9c20174047a96038c236 SHA1 (patch-af) = 04fdcbf19c4d530fc735c04dd785c07692d8b96d SHA1 (patch-ag) = 4fa09f0357ac2b5f2602ae0fbee91f4ff26eab20 +SHA1 (patch-ah) = 0b97e13ed0a8d4f1707b839520b1f8702cadacab diff --git a/security/gnupg2/patches/patch-ah b/security/gnupg2/patches/patch-ah new file mode 100644 index 00000000000..54c365c3ca2 --- /dev/null +++ b/security/gnupg2/patches/patch-ah @@ -0,0 +1,249 @@ +$NetBSD: patch-ah,v 1.1 2006/12/09 13:39:28 shannonjr Exp $ + +--- ./g10/encr-data.c.orig 2006-10-02 04:50:13.000000000 -0600 ++++ ./g10/encr-data.c +@@ -39,14 +39,35 @@ static int mdc_decode_filter ( void *opa + static int decode_filter ( void *opaque, int control, IOBUF a, + byte *buf, size_t *ret_len); + +-typedef struct ++typedef struct decode_filter_context_s + { + gcry_cipher_hd_t cipher_hd; + gcry_md_hd_t mdc_hash; + char defer[22]; + int defer_filled; + int eof_seen; +-} decode_filter_ctx_t; ++ int refcount; ++} *decode_filter_ctx_t; ++ ++ ++/* Helper to release the decode context. */ ++static void ++release_dfx_context (decode_filter_ctx_t dfx) ++{ ++ if (!dfx) ++ return; ++ ++ assert (dfx->refcount); ++ if ( !--dfx->refcount ) ++ { ++ gcry_cipher_close (dfx->cipher_hd); ++ dfx->cipher_hd = NULL; ++ gcry_md_close (dfx->mdc_hash); ++ dfx->mdc_hash = NULL; ++ xfree (dfx); ++ } ++} ++ + + + /**************** +@@ -62,7 +83,11 @@ decrypt_data( void *procctx, PKT_encrypt + unsigned blocksize; + unsigned nprefix; + +- memset( &dfx, 0, sizeof dfx ); ++ dfx = xtrycalloc (1, sizeof *dfx); ++ if (!dfx) ++ return gpg_error_from_syserror (); ++ dfx->refcount = 1; ++ + if ( opt.verbose && !dek->algo_info_printed ) + { + const char *s = gcry_cipher_algo_name (dek->algo); +@@ -77,20 +102,20 @@ decrypt_data( void *procctx, PKT_encrypt + goto leave; + blocksize = gcry_cipher_get_algo_blklen (dek->algo); + if ( !blocksize || blocksize > 16 ) +- log_fatal("unsupported blocksize %u\n", blocksize ); ++ log_fatal ("unsupported blocksize %u\n", blocksize ); + nprefix = blocksize; + if ( ed->len && ed->len < (nprefix+2) ) + BUG(); + + if ( ed->mdc_method ) + { +- if (gcry_md_open (&dfx.mdc_hash, ed->mdc_method, 0 )) ++ if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 )) + BUG (); + if ( DBG_HASHING ) +- gcry_md_start_debug (dfx.mdc_hash, "checkmdc"); ++ gcry_md_start_debug (dfx->mdc_hash, "checkmdc"); + } + +- rc = gcry_cipher_open (&dfx.cipher_hd, dek->algo, ++ rc = gcry_cipher_open (&dfx->cipher_hd, dek->algo, + GCRY_CIPHER_MODE_CFB, + (GCRY_CIPHER_SECURE + | ((ed->mdc_method || dek->algo >= 100)? +@@ -104,7 +129,7 @@ decrypt_data( void *procctx, PKT_encrypt + + + /* log_hexdump( "thekey", dek->key, dek->keylen );*/ +- rc = gcry_cipher_setkey (dfx.cipher_hd, dek->key, dek->keylen); ++ rc = gcry_cipher_setkey (dfx->cipher_hd, dek->key, dek->keylen); + if ( gpg_err_code (rc) == GPG_ERR_WEAK_KEY ) + { + log_info(_("WARNING: message was encrypted with" +@@ -123,7 +148,7 @@ decrypt_data( void *procctx, PKT_encrypt + goto leave; + } + +- gcry_cipher_setiv (dfx.cipher_hd, NULL, 0); ++ gcry_cipher_setiv (dfx->cipher_hd, NULL, 0); + + if ( ed->len ) + { +@@ -144,8 +169,8 @@ decrypt_data( void *procctx, PKT_encrypt + temp[i] = c; + } + +- gcry_cipher_decrypt (dfx.cipher_hd, temp, nprefix+2, NULL, 0); +- gcry_cipher_sync (dfx.cipher_hd); ++ gcry_cipher_decrypt (dfx->cipher_hd, temp, nprefix+2, NULL, 0); ++ gcry_cipher_sync (dfx->cipher_hd); + p = temp; + /* log_hexdump( "prefix", temp, nprefix+2 ); */ + if (dek->symmetric +@@ -155,17 +180,18 @@ decrypt_data( void *procctx, PKT_encrypt + goto leave; + } + +- if ( dfx.mdc_hash ) +- gcry_md_write (dfx.mdc_hash, temp, nprefix+2); +- ++ if ( dfx->mdc_hash ) ++ gcry_md_write (dfx->mdc_hash, temp, nprefix+2); ++ ++ dfx->refcount++; + if ( ed->mdc_method ) +- iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx ); ++ iobuf_push_filter ( ed->buf, mdc_decode_filter, dfx ); + else +- iobuf_push_filter( ed->buf, decode_filter, &dfx ); ++ iobuf_push_filter ( ed->buf, decode_filter, dfx ); + + proc_packets ( procctx, ed->buf ); + ed->buf = NULL; +- if ( ed->mdc_method && dfx.eof_seen == 2 ) ++ if ( ed->mdc_method && dfx->eof_seen == 2 ) + rc = gpg_error (GPG_ERR_INV_PACKET); + else if ( ed->mdc_method ) + { +@@ -184,26 +210,28 @@ decrypt_data( void *procctx, PKT_encrypt + bytes are appended. */ + int datalen = gcry_md_get_algo_dlen (ed->mdc_method); + +- gcry_cipher_decrypt (dfx.cipher_hd, dfx.defer, 22, NULL, 0); +- gcry_md_write (dfx.mdc_hash, dfx.defer, 2); +- gcry_md_final (dfx.mdc_hash); ++ assert (dfx->cipher_hd); ++ assert (dfx->mdc_hash); ++ gcry_cipher_decrypt (dfx->cipher_hd, dfx->defer, 22, NULL, 0); ++ gcry_md_write (dfx->mdc_hash, dfx->defer, 2); ++ gcry_md_final (dfx->mdc_hash); + +- if (dfx.defer[0] != '\xd3' || dfx.defer[1] != '\x14' ) ++ if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' ) + { + log_error("mdc_packet with invalid encoding\n"); + rc = gpg_error (GPG_ERR_INV_PACKET); + } + else if (datalen != 20 +- || memcmp (gcry_md_read (dfx.mdc_hash, 0),dfx.defer+2,datalen)) ++ || memcmp (gcry_md_read (dfx->mdc_hash, 0), ++ dfx->defer+2,datalen )) + rc = gpg_error (GPG_ERR_BAD_SIGNATURE); +- /* log_printhex("MDC message:", dfx.defer, 22); */ +- /* log_printhex("MDC calc:", gcry_md_read (dfx.mdc_hash,0), datalen); */ ++ /* log_printhex("MDC message:", dfx->defer, 22); */ ++ /* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */ + } + + + leave: +- gcry_cipher_close (dfx.cipher_hd); +- gcry_md_close (dfx.mdc_hash); ++ release_dfx_context (dfx); + return rc; + } + +@@ -214,7 +242,7 @@ static int + mdc_decode_filter (void *opaque, int control, IOBUF a, + byte *buf, size_t *ret_len) + { +- decode_filter_ctx_t *dfx = opaque; ++ decode_filter_ctx_t dfx = opaque; + size_t n, size = *ret_len; + int rc = 0; + int c; +@@ -226,11 +254,11 @@ mdc_decode_filter (void *opaque, int con + } + else if( control == IOBUFCTRL_UNDERFLOW ) + { +- assert(a); +- assert( size > 44 ); ++ assert (a); ++ assert ( size > 44 ); + + /* Get at least 22 bytes and put it somewhere ahead in the buffer. */ +- for(n=22; n < 44 ; n++ ) ++ for (n=22; n < 44 ; n++ ) + { + if( (c = iobuf_get(a)) == -1 ) + break; +@@ -279,8 +307,10 @@ mdc_decode_filter (void *opaque, int con + + if ( n ) + { +- gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0); +- gcry_md_write (dfx->mdc_hash, buf, n); ++ if ( dfx->cipher_hd ) ++ gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0); ++ if ( dfx->mdc_hash ) ++ gcry_md_write (dfx->mdc_hash, buf, n); + } + else + { +@@ -289,6 +319,10 @@ mdc_decode_filter (void *opaque, int con + } + *ret_len = n; + } ++ else if ( control == IOBUFCTRL_FREE ) ++ { ++ release_dfx_context (dfx); ++ } + else if ( control == IOBUFCTRL_DESC ) + { + *(char**)buf = "mdc_decode_filter"; +@@ -300,7 +334,7 @@ mdc_decode_filter (void *opaque, int con + static int + decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) + { +- decode_filter_ctx_t *fc = opaque; ++ decode_filter_ctx_t fc = opaque; + size_t n, size = *ret_len; + int rc = 0; + +@@ -311,11 +345,18 @@ decode_filter( void *opaque, int control + if ( n == -1 ) + n = 0; + if ( n ) +- gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0); ++ { ++ if (fc->cipher_hd) ++ gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0); ++ } + else + rc = -1; /* EOF */ + *ret_len = n; + } ++ else if ( control == IOBUFCTRL_FREE ) ++ { ++ release_dfx_context (fc); ++ } + else if ( control == IOBUFCTRL_DESC ) + { + *(char**)buf = "decode_filter"; |