diff --git a/SOURCES/bz1560467-1-totemcrypto-Check-length-of-the-packet.patch b/SOURCES/bz1560467-1-totemcrypto-Check-length-of-the-packet.patch deleted file mode 100644 index d574436..0000000 --- a/SOURCES/bz1560467-1-totemcrypto-Check-length-of-the-packet.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 3923de59d71ca6f5affa63a32c6eb688efed6356 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Fri, 6 Apr 2018 14:43:02 +0200 -Subject: [PATCH] totemcrypto: Check length of the packet - -Packet has to be longer than crypto_config_header and hash_len, -otherwise unallocated memory is passed into calculate_nss_hash function, -what may result in crash. - -Signed-off-by: Jan Friesse -Reviewed-by: Raphael Sanchez Prudencio -Reviewed-by: Christine Caulfield ---- - exec/totemcrypto.c | 11 +++++++++++ - 1 files changed, 11 insertions(+), 0 deletions(-) - -diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c -index 64246c9..88c68d1 100644 ---- a/exec/totemcrypto.c -+++ b/exec/totemcrypto.c -@@ -736,6 +736,11 @@ static int authenticate_nss_2_3 ( - unsigned char tmp_hash[hash_len[instance->crypto_hash_type]]; - int datalen = *buf_len - hash_len[instance->crypto_hash_type]; - -+ if (*buf_len <= hash_len[instance->crypto_hash_type]) { -+ log_printf(instance->log_level_security, "Received message is too short... ignoring"); -+ return -1; -+ } -+ - if (calculate_nss_hash(instance, buf, datalen, tmp_hash) < 0) { - return -1; - } -@@ -845,6 +850,12 @@ int crypto_authenticate_and_decrypt (struct crypto_instance *instance, - { - struct crypto_config_header *cch = (struct crypto_config_header *)buf; - -+ if (*buf_len <= sizeof(struct crypto_config_header)) { -+ log_printf(instance->log_level_security, "Received message is too short... ignoring"); -+ -+ return (-1); -+ } -+ - if (cch->crypto_cipher_type != CRYPTO_CIPHER_TYPE_2_3) { - log_printf(instance->log_level_security, - "Incoming packet has different crypto type. Rejecting"); --- -1.7.1 - diff --git a/SOURCES/bz1560468-1-totemcrypto-Check-length-of-the-packet.patch b/SOURCES/bz1560468-1-totemcrypto-Check-length-of-the-packet.patch new file mode 100644 index 0000000..d574436 --- /dev/null +++ b/SOURCES/bz1560468-1-totemcrypto-Check-length-of-the-packet.patch @@ -0,0 +1,48 @@ +From 3923de59d71ca6f5affa63a32c6eb688efed6356 Mon Sep 17 00:00:00 2001 +From: Jan Friesse +Date: Fri, 6 Apr 2018 14:43:02 +0200 +Subject: [PATCH] totemcrypto: Check length of the packet + +Packet has to be longer than crypto_config_header and hash_len, +otherwise unallocated memory is passed into calculate_nss_hash function, +what may result in crash. + +Signed-off-by: Jan Friesse +Reviewed-by: Raphael Sanchez Prudencio +Reviewed-by: Christine Caulfield +--- + exec/totemcrypto.c | 11 +++++++++++ + 1 files changed, 11 insertions(+), 0 deletions(-) + +diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c +index 64246c9..88c68d1 100644 +--- a/exec/totemcrypto.c ++++ b/exec/totemcrypto.c +@@ -736,6 +736,11 @@ static int authenticate_nss_2_3 ( + unsigned char tmp_hash[hash_len[instance->crypto_hash_type]]; + int datalen = *buf_len - hash_len[instance->crypto_hash_type]; + ++ if (*buf_len <= hash_len[instance->crypto_hash_type]) { ++ log_printf(instance->log_level_security, "Received message is too short... ignoring"); ++ return -1; ++ } ++ + if (calculate_nss_hash(instance, buf, datalen, tmp_hash) < 0) { + return -1; + } +@@ -845,6 +850,12 @@ int crypto_authenticate_and_decrypt (struct crypto_instance *instance, + { + struct crypto_config_header *cch = (struct crypto_config_header *)buf; + ++ if (*buf_len <= sizeof(struct crypto_config_header)) { ++ log_printf(instance->log_level_security, "Received message is too short... ignoring"); ++ ++ return (-1); ++ } ++ + if (cch->crypto_cipher_type != CRYPTO_CIPHER_TYPE_2_3) { + log_printf(instance->log_level_security, + "Incoming packet has different crypto type. Rejecting"); +-- +1.7.1 + diff --git a/SPECS/corosync.spec b/SPECS/corosync.spec index 4c30c0f..1ce46b5 100644 --- a/SPECS/corosync.spec +++ b/SPECS/corosync.spec @@ -24,7 +24,7 @@ Name: corosync Summary: The Corosync Cluster Engine and Application Programming Interfaces Version: 2.4.3 -Release: 2%{?gitver}%{?dist}.1 +Release: 4%{?gitver}%{?dist} License: BSD Group: System Environment/Base URL: http://corosync.github.io/corosync/ @@ -32,10 +32,10 @@ Source0: http://build.clusterlabs.org/corosync/releases/%{name}-%{version}%{?git Patch0: bz1536219-1-logging-Make-blackbox-configurable.patch Patch1: bz1536219-2-logging-Close-before-and-open-blackbox-after-fork.patch -Patch2: bz1560467-1-totemcrypto-Check-length-of-the-packet.patch +Patch2: bz1560468-1-totemcrypto-Check-length-of-the-packet.patch %if 0%{?rhel} -ExclusiveArch: i686 x86_64 s390x ppc64le +ExclusiveArch: i686 x86_64 s390x ppc64le aarch64 %endif # Runtime bits @@ -92,7 +92,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) %setup -q -n %{name}-%{version}%{?gittarver} %patch0 -p1 -b .bz1536219-1 %patch1 -p1 -b .bz1536219-2 -%patch2 -p1 -b .bz1560467-1 +%patch2 -p1 -b .bz1560468-1 %build %if %{with runautogen} @@ -524,8 +524,13 @@ fi %endif %changelog -* Fri Apr 06 2018 Jan Friesse 2.4.3-2.1 -- Resolves: rhbz#1560467 +* Tue Apr 17 2018 Jan Friesse 2.4.3-4 +- Resolves: rhbz#1422598 + +- Enable aarch64 build (bz#1422598) + +* Fri Apr 06 2018 Jan Friesse 2.4.3-3 +- Resolves: rhbz#1560468 - totemcrypto: Check length of the packet