Linux v4.3.2
This commit is contained in:
parent
135e505909
commit
b930873422
|
@ -1,79 +0,0 @@
|
|||
From 5cfd0a0f7cbc6bc9833b8a1bb5acb6056c9c53d9 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Thu, 12 Nov 2015 11:38:40 +0000
|
||||
Subject: [PATCH] X.509: Fix the time validation [ver #3]
|
||||
|
||||
This fixes CVE-2015-5327. It affects kernels from 4.3-rc1 onwards.
|
||||
|
||||
Fix the X.509 time validation to use month number-1 when looking up the
|
||||
number of days in that month. Also put the month number validation before
|
||||
doing the lookup so as not to risk overrunning the array.
|
||||
|
||||
This can be tested by doing the following:
|
||||
|
||||
cat <<EOF | openssl x509 -outform DER | keyctl padd asymmetric "" @s
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDbjCCAlagAwIBAgIJAN/lUld+VR4hMA0GCSqGSIb3DQEBCwUAMCkxETAPBgNV
|
||||
BAoMCGxvY2FsLWNhMRQwEgYDVQQDDAtzaWduaW5nIGtleTAeFw0xNTA5MDEyMTMw
|
||||
MThaFw0xNjA4MzEyMTMwMThaMCkxETAPBgNVBAoMCGxvY2FsLWNhMRQwEgYDVQQD
|
||||
DAtzaWduaW5nIGtleTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANrn
|
||||
crcMfMeG67nagX4+m02Xk9rkmsMKI5XTUxbikROe7GSUVJ27sPVPZp4mgzoWlvhh
|
||||
jfK8CC/qhEhwep8Pgg4EJZyWOjhZb7R97ckGvLIoUC6IO3FC2ZnR7WtmWDgo2Jcj
|
||||
VlXwJdHhKU1VZwulh81O61N8IBKqz2r/kDhIWiicUCUkI/Do/RMRfKAoDBcSh86m
|
||||
gOeIAGfq62vbiZhVsX5dOE8Oo2TK5weAvwUIOR7OuGBl5AqwFlPnXQolewiHzKry
|
||||
THg9e44HfzG4Mi6wUvcJxVaQT1h5SrKD779Z5+8+wf1JLaooetcEUArvWyuxCU59
|
||||
qxA4lsTjBwl4cmEki+cCAwEAAaOBmDCBlTAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
|
||||
AwIHgDAdBgNVHQ4EFgQUyND/eKUis7ep/hXMJ8iZMdUhI+IwWQYDVR0jBFIwUIAU
|
||||
yND/eKUis7ep/hXMJ8iZMdUhI+KhLaQrMCkxETAPBgNVBAoMCGxvY2FsLWNhMRQw
|
||||
EgYDVQQDDAtzaWduaW5nIGtleYIJAN/lUld+VR4hMA0GCSqGSIb3DQEBCwUAA4IB
|
||||
AQAMqm1N1yD5pimUELLhT5eO2lRdGUfTozljRxc7e2QT3RLk2TtGhg65JFFN6eml
|
||||
XS58AEPVcAsSLDlR6WpOpOLB2giM0+fV/eYFHHmh22yqTJl4YgkdUwyzPdCHNOZL
|
||||
hmSKeY9xliHb6PNrNWWtZwhYYvRaO2DX4GXOMR0Oa2O4vaYu6/qGlZOZv3U6qZLY
|
||||
wwHEJSrqeBDyMuwN+eANHpoSpiBzD77S4e+7hUDJnql4j6xzJ65+nWJ89fCrQypR
|
||||
4sN5R3aGeIh3QAQUIKpHilwek0CtEaYERgc5m+jGyKSc1rezJW62hWRTaitOc+d5
|
||||
G5hh+9YpnYcxQHEKnZ7rFNKJ
|
||||
-----END CERTIFICATE-----
|
||||
EOF
|
||||
|
||||
If the patch works, the above should emit a key ID from the new key being
|
||||
accepted; without the patch, it will give a bad message error.
|
||||
|
||||
Reported-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
Tested-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
|
||||
Acked-by: David Woodhouse <David.Woodhouse@intel.com>
|
||||
---
|
||||
crypto/asymmetric_keys/x509_cert_parser.c | 10 ++++++----
|
||||
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
|
||||
index af71878dc15b..ddde54c45ff7 100644
|
||||
--- a/crypto/asymmetric_keys/x509_cert_parser.c
|
||||
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
|
||||
@@ -531,7 +531,11 @@ int x509_decode_time(time64_t *_t, size_t hdrlen,
|
||||
if (*p != 'Z')
|
||||
goto unsupported_time;
|
||||
|
||||
- mon_len = month_lengths[mon];
|
||||
+ if (year < 1970 ||
|
||||
+ mon < 1 || mon > 12)
|
||||
+ goto invalid_time;
|
||||
+
|
||||
+ mon_len = month_lengths[mon - 1];
|
||||
if (mon == 2) {
|
||||
if (year % 4 == 0) {
|
||||
mon_len = 29;
|
||||
@@ -543,9 +547,7 @@ int x509_decode_time(time64_t *_t, size_t hdrlen,
|
||||
}
|
||||
}
|
||||
|
||||
- if (year < 1970 ||
|
||||
- mon < 1 || mon > 12 ||
|
||||
- day < 1 || day > mon_len ||
|
||||
+ if (day < 1 || day > mon_len ||
|
||||
hour < 0 || hour > 23 ||
|
||||
min < 0 || min > 59 ||
|
||||
sec < 0 || sec > 59)
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -52,7 +52,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 1
|
||||
%define stable_update 2
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -604,9 +604,6 @@ Patch552: megaraid_sas-Do-not-use-PAGE_SIZE-for-max_sectors.patch
|
|||
#rhbz 1275490
|
||||
Patch553: ideapad-laptop-Add-Lenovo-Yoga-900-to-no_hw_rfkill-d.patch
|
||||
|
||||
#CVE-2015-5327
|
||||
Patch554: X.509-Fix-the-time-validation-ver-3.patch
|
||||
|
||||
#rhbz 1279189
|
||||
Patch556: netfilter-ipset-Fix-extension-alignment.patch
|
||||
Patch557: netfilter-ipset-Fix-hash-type-expiration.patch
|
||||
|
@ -2076,6 +2073,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Fri Dec 11 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Linux v4.3.2
|
||||
|
||||
* Thu Dec 10 2015 Laura Abbott <labbott@redhat.com>
|
||||
- Ignore errors from scsi_dh_add_device (rhbz 1288687)
|
||||
|
||||
|
|
Loading…
Reference in New Issue