From: "Thomas Deutschmann" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann" Message-ID: <1570204095.b76774f393a90f6a74371864ec4850f176373b4c.whissi@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/, dev-libs/openssl/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-libs/openssl/files/openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch dev-libs/openssl/openssl-1.1.1d-r1.ebuild X-VCS-Directories: dev-libs/openssl/ dev-libs/openssl/files/ X-VCS-Committer: whissi X-VCS-Committer-Name: Thomas Deutschmann X-VCS-Revision: b76774f393a90f6a74371864ec4850f176373b4c X-VCS-Branch: master Date: Fri, 4 Oct 2019 15:48:26 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 4b46a323-ef1d-4eeb-b300-2d1fa18170f8 X-Archives-Hash: 6a94efc8c8e6d6d0ff41b2e6055bc20f commit: b76774f393a90f6a74371864ec4850f176373b4c Author: Thomas Deutschmann gentoo org> AuthorDate: Fri Oct 4 14:04:47 2019 +0000 Commit: Thomas Deutschmann gentoo org> CommitDate: Fri Oct 4 15:48:15 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b76774f3 dev-libs/openssl: fix mem leaks with BN_to_ASN1_INTEGER Package-Manager: Portage-2.3.76, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann gentoo.org> ...x-potential-memleaks-w-BN_to_ASN1_INTEGER.patch | 107 +++++++++++++++++++++ dev-libs/openssl/openssl-1.1.1d-r1.ebuild | 1 + 2 files changed, 108 insertions(+) diff --git a/dev-libs/openssl/files/openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch b/dev-libs/openssl/files/openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch new file mode 100644 index 00000000000..1f195d0384c --- /dev/null 
+++ b/dev-libs/openssl/files/openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch 
@@ -0,0 +1,107 @@ +From 515c728dbaa92211d2eafb0041ab9fcd258fdc41 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger +Date: Mon, 9 Sep 2019 19:12:25 +0200 +Subject: [PATCH] Fix potential memory leaks with BN_to_ASN1_INTEGER + +Reviewed-by: Paul Dale +Reviewed-by: Matt Caswell +(Merged from https://github.com/openssl/openssl/pull/9833) + +(cherry picked from commit f28bc7d386b25fb75625d0c62c6b2e6d21de0d09) +--- + crypto/ec/ec_asn1.c | 7 +++++-- + crypto/x509v3/v3_asid.c | 26 ++++++++++++++++++++------ + 2 files changed, 25 insertions(+), 8 deletions(-) + +diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c +index 1ce1181fc10..7cbf8de9813 100644 +--- a/crypto/ec/ec_asn1.c ++++ b/crypto/ec/ec_asn1.c +@@ -446,6 +446,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + unsigned char *buffer = NULL; + const EC_POINT *point = NULL; + point_conversion_form_t form; ++ ASN1_INTEGER *orig; + + if (params == NULL) { + if ((ret = ECPARAMETERS_new()) == NULL) { +@@ -496,8 +497,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB); + goto err; + } +- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); ++ ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order); + if (ret->order == NULL) { ++ ret->order = orig; + ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB); + goto err; + } +@@ -505,8 +507,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + /* set the cofactor (optional) */ + tmp = EC_GROUP_get0_cofactor(group); + if (tmp != NULL) { +- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); ++ ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor); + if (ret->cofactor == NULL) { ++ ret->cofactor = orig; + ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB); + goto err; + } +diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c +index 089f2ae29f0..ef2d64826fb 100644 +--- a/crypto/x509v3/v3_asid.c ++++ b/crypto/x509v3/v3_asid.c +@@ -256,6 +256,7 @@ static int 
extract_min_max(ASIdOrRange *aor, + static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) + { + ASN1_INTEGER *a_max_plus_one = NULL; ++ ASN1_INTEGER *orig; + BIGNUM *bn = NULL; + int i, ret = 0; + +@@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) + */ + if ((bn == NULL && (bn = BN_new()) == NULL) || + ASN1_INTEGER_to_BN(a_max, bn) == NULL || +- !BN_add_word(bn, 1) || +- (a_max_plus_one = +- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { ++ !BN_add_word(bn, 1)) { ++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, ++ ERR_R_MALLOC_FAILURE); ++ goto done; ++ } ++ ++ if ((a_max_plus_one = ++ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { ++ a_max_plus_one = orig; + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, + ERR_R_MALLOC_FAILURE); + goto done; +@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid) + static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) + { + ASN1_INTEGER *a_max_plus_one = NULL; ++ ASN1_INTEGER *orig; + BIGNUM *bn = NULL; + int i, ret = 0; + +@@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) + */ + if ((bn == NULL && (bn = BN_new()) == NULL) || + ASN1_INTEGER_to_BN(a_max, bn) == NULL || +- !BN_add_word(bn, 1) || +- (a_max_plus_one = +- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { ++ !BN_add_word(bn, 1)) { ++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ++ ERR_R_MALLOC_FAILURE); ++ goto done; ++ } ++ ++ if ((a_max_plus_one = ++ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { ++ a_max_plus_one = orig; + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, + ERR_R_MALLOC_FAILURE); + goto done; diff --git a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild index b9fd0c73a62..db1ec434fd7 100644 --- a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild +++ b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild 
@@ -46,6 +46,7 @@ PDEPEND="app-misc/ca-certificates" PATCHES=( "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 "${FILESDIR}"/${P}-fix-zlib.patch + "${FILESDIR}"/${P}-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch ) S="${WORKDIR}/${MY_P}"
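Review bot: in crypto/ec/ec_asn1.c, `ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);` and the matching `ret->cofactor` line save the old pointer through an assignment buried in the argument list, and nothing says why `ret->order = orig;` follows on failure. Holding the return value in a temporary and storing it into the field only when it is non-NULL would avoid overwriting the field at all and make `orig` unnecessary. Failing that, a short comment that the restore keeps the existing ASN1_INTEGER reachable for the code after `goto err` would make the intent clear.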
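Review bot: in crypto/x509v3/v3_asid.c, the split condition in ASIdentifierChoice_is_canonical leaves two consecutive blocks that each call X509V3err with ERR_R_MALLOC_FAILURE and then `goto done`, and ASIdentifierChoice_canonize repeats the same pair. A small shared helper that computes a_max plus one and preserves the caller's ASN1_INTEGER on failure would remove the duplication in both functions. Separately, `ASN1_INTEGER *orig;` is declared without an initialiser directly under `a_max_plus_one = NULL`; it is assigned before each use, but initialising it to NULL would match the neighbouring declarations.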
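Review bot: the PATCHES entry is added to the existing openssl-1.1.1d-r1.ebuild rather than to a new revision, so a system that has already built 1.1.1d-r1 sees no version change that would trigger a rebuild with the fix. Because the patch changes compiled library code (crypto/ec/ec_asn1.c and crypto/x509v3/v3_asid.c), a revision bump seems warranted. The new line could also carry a reference the way the first entry carries `#671602`, for example the upstream pull request named in the patch header.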