Fix for CVE-2019-6486

This commit is contained in:
Jakub Čajka 2019-01-29 12:52:29 +01:00
parent bc69b83b00
commit 8ae8c86871
2 changed files with 46 additions and 1 deletions

39
CVE-2019-6486.patch Normal file
View File

@ -0,0 +1,39 @@
From 193c16a3648b8670a762e925b6ac6e074f468a20 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Tue, 22 Jan 2019 16:02:41 -0500
Subject: [PATCH] crypto/elliptic: reduce subtraction term to prevent long busy loop
If beta8 is unusually large, the addition loop might take a very long
time to bring x3-beta8 back positive.
This would lead to a DoS vulnerability in the implementation of the
P-521 and P-384 elliptic curves that may let an attacker craft inputs
to ScalarMult that consume excessive amounts of CPU.
This fixes CVE-2019-6486.
Fixes #29903
Change-Id: Ia969e8b5bf5ac4071a00722de9d5e4d856d8071a
Reviewed-on: https://team-review.git.corp.google.com/c/399777
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-on: https://go-review.googlesource.com/c/159218
Reviewed-by: Julie Qiu <julie@golang.org>
---
diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go
index 4fc2b5e..c84657c 100644
--- a/src/crypto/elliptic/elliptic.go
+++ b/src/crypto/elliptic/elliptic.go
@@ -210,8 +210,9 @@
x3 := new(big.Int).Mul(alpha, alpha)
beta8 := new(big.Int).Lsh(beta, 3)
+ beta8.Mod(beta8, curve.P)
x3.Sub(x3, beta8)
- for x3.Sign() == -1 {
+ if x3.Sign() == -1 {
x3.Add(x3, curve.P)
}
x3.Mod(x3, curve.P)

View File

@ -106,7 +106,7 @@
Name: golang Name: golang
Version: 1.12 Version: 1.12
Release: 0.beta2.1%{?dist} Release: 0.beta2.2%{?dist}
Summary: The Go Programming Language Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain License: BSD and Public Domain
@ -183,6 +183,7 @@ Requires: go-srpm-macros
Patch1: 0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch Patch1: 0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
Patch2: 0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch Patch2: 0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
Patch3: CVE-2019-6486.patch
# Having documentation separate was broken # Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4 Obsoletes: %{name}-docs < 1.1-4
@ -308,6 +309,7 @@ Requires: %{name} = %{version}-%{release}
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
cp %{SOURCE1} ./src/runtime/ cp %{SOURCE1} ./src/runtime/
@ -546,6 +548,10 @@ fi
%endif %endif
%changelog %changelog
* Sun Jan 27 2019 Jakub Čajka <jcajka@redhat.com> - 1.12-0.beta2.2
- Fix for CVE-2019-6486
- Resolves: BZ#1668973
* Fri Jan 11 2019 Jakub Čajka <jcajka@redhat.com> - 1.12-0.beta2.1 * Fri Jan 11 2019 Jakub Čajka <jcajka@redhat.com> - 1.12-0.beta2.1
- Rebase to go1.12beta2 - Rebase to go1.12beta2